6-0900-15017-1
STATE OF MINNESOTA
OFFICE OF ADMINISTRATIVE HEARINGS
FOR THE DEPARTMENT OF HEALTH
|
In the Matter of the Proposed Rules of the Department of Health Related to the Collection of Administrative Billing Data; Minnesota Rules 4653.0100 to 4653.1300.
|
REPORT OF THE ADMINISTRATIVE LAW JUDGE |
A hearing in this matter was held before Administrative Law Judge Allan W. Klein on October 4, 2002 in St. Paul, Minnesota.
This Report is part of a rulemaking proceeding held pursuant to Minn. Stat. §§ 14.131 to 14.20 to hear public comment, determine whether the Department of Health (hereinafter referred to as “the Department”) has fulfilled all relevant substantive and procedural requirements of law applicable to the adoption of the rules, evaluate whether the proposed rules are needed and reasonable, and assess whether or not any modifications to the rules proposed by the Department after initial publication are substantially different from the rules as originally proposed.
The agency hearing panel consisted of David Orren, Rules and Data Practices Coordinator; Wendy Nelson, Assistant Director of the Health Policy and Systems Compliance Division; and Barbara Wills, Manager of the Data Analysis Program. Several other agency personnel also presented on behalf of the Department. Over one hundred persons attended the hearing. Sixty persons signed the hearing register. The hearing continued until all interested persons, groups, or associations had an opportunity to be heard concerning the adoption of these rules.
The record remained open for the submission of written comments until the close of business on October 24, 2002, twenty calendar days following the date of the hearing. Pursuant to Minn. Stat. § 14.15, subd. 1 (2002), five additional working days were allowed for the filing of responsive comments. At the end of business on October 31, 2002, the rulemaking record closed. The Administrative Law Judge received large numbers of comments in writing and by e-mail from interested persons during the initial comment period. The Department initially submitted suggested changes to the rules on October 15. The Department submitted written comments and final modifications to the proposed rule on October 24. The Department’s written comments responded to matters discussed at the hearing and comments filed to that time. Replies were filed during the responsive period. The Department also filed a final reply on October 31, 2002.
This Report must be available for review to all interested persons upon request for at least five working days before the Department takes any further action on the proposed amendments. The Department may then adopt a final rule, or modify or withdraw its proposed amendments.
When the Department files the rules with the Secretary of State, it shall give notice on the day of filing to all persons who requested that they be informed of the filing.
Based upon all of the testimony, exhibits and written comments, the Administrative Law Judge makes the following:
FINDINGS OF FACT
1. The proposed rules establish requirements for the collection and use of administrative billing data created by health care providers to obtain payment from insurers (or other third-party payors). This administrative billing data consists of the codes used in accounting for health care provided to individuals. Due to the need for health care benefit plans to coordinate between providers and insurers, the federal Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996.[1] Under HIPAA, managed care plans and health insurers (hereinafter “health plans”) are required to develop and use uniform coding for the billing of health care transactions. For those health plans that use electronic transmission for transactions, HIPAA compliance is due by October 16, 2003.[2]
2. The codes being developed for HIPAA compliance do not cover a person’s entire medical file. Chart notations by medical professionals, for example, are not transmitted for billing. While not a patient’s medical record, enough information is contained in the codes to provide an outline of a person’s medical condition and care received.[3] Because the capacity exists for these codes to disclose private information about medical care received by individuals, detailed requirements for the handling and use of the data compiled are proposed in these rules. And because of the same privacy concerns, many citizens and groups are opposed to the adoption of these rules.
3. The Department relies on Minn. Stat. § 62J.321, subd. 6, as providing the authority to adopt the proposed rules.[4] The statute states that:
The commissioner may adopt rules to implement sections 62J.301 to 62J.452.
The purpose of those sections is set out in Minn. Stat. § 62J.301, subd. 2, which states:
Subd. 2. Statement of purpose. The commissioner of health shall conduct data and research initiatives in order to monitor and improve the efficiency and effectiveness of health care in Minnesota
4. The Department is obligated to perform a number of duties relating to the collection and use of data under Minn. Stat. § 62J.301, subd. 3, which states:
Subd. 3. General duties. The commissioner shall:
(1) collect and maintain data which enable population-based monitoring and trending of the access, utilization, quality, and cost of health care services within Minnesota;
(2) collect and maintain data for the purpose of estimating total Minnesota health care expenditures and trends;
(3) collect and maintain data for the purposes of setting cost containment goals under section 62J.04, and measuring cost containment goal compliance;
(4) conduct applied research using existing and new data and promote applications based on existing research;
(5) develop and implement data collection procedures to ensure a high level of cooperation from health care providers and health plan companies, as defined in section 62Q.01, subdivision 4;
(6) work closely with health plan companies and health care providers to promote improvements in health care efficiency and effectiveness; and
(7) participate as a partner or sponsor of private sector initiatives that promote publicly disseminated applied research on health care delivery, outcomes, costs, quality, and management.
5. The proposed rules establish the collection and maintenance of information for a database to be used for research, cost containment, and improvement of health care within the meaning of Minn. Stat. § 62J.301, subd. 3.[5] Therefore, the Administrative Law Judge finds that the Board has statutory authority to adopt the proposed rules.
6. Generally speaking, an agency can adopt a rule if the agency shows that the rule is needed and reasonable, and the Legislature has authorized the adoption of the rule in statute. An agency cannot adopt a rule that conflicts with a statute, the Minnesota Constitution, or the United States Constitution. In addition, where changes have been made to the rule after publication in the State Register, the Administrative Law Judge must determine if the new language is substantially different from that which was proposed originally. A more complete statement of the applicable statutes and caselaw used in making these determinations is located at the conclusion of these Findings. The proposed rules have been analyzed by applying those standards to the Department’s presentation in light of the public comments.
7. On September 17, 2001, the Department published in the State Register and mailed to all Minnesota hospitals and the rulemaking list a request for comments on its planned rule amendments.[6] Also emails were sent to staff in various divisions of the Department, the Office of the Governor; Office of the Attorney General, Department of Human Services, Department of Administration, Department of Employee Relations, Emergency Medical Services Regulatory Board, and the University of Minnesota. The Department established a rules advisory committee and as participants invited fifteen major associations concerned with the provision of health care, twenty-three group purchasers of health care services, ten members of the Legislature, and a variety of other persons and associations with an interest in health care issues.[7] The Department conducted meetings with staff of those organizations currently involved in the handling of health care data.[8] The rules advisory committee met eleven times, with participation by representatives from all areas of interest.[9] In October 2001, the Department established a website with information regarding the proposed rulemaking and documents developed through the process.[10] As noted earlier, hundreds of persons participated in the hearing and post-hearing comment processes.
8. The Department prepared a Statement of Need and Reasonableness ("SONAR") in support of the proposed rules. At the hearing, the Department made a presentation to highlight the information in the SONAR as part of its affirmative presentation of need and reasonableness for the rules. The Department supplemented the SONAR with additional documents made available during the hearing. The Department also submitted written post-hearing comments and a reply.
9. The Department’s post-hearing changes are brief and most will be discussed in this Report. Each of the suggested changes to the proposed rule has been assessed to determine if the new language is substantially different from the language published in the State Register. None of them are substantially different. Moreover, the Department announced their proposed changes early enough in the process that the public had an opportunity (which was exercised) to comment on them.
10. The need for the Department to be collecting this data at all was questioned by a large number of commentators. Many considered the existence of such a database of information to have no use other than to serve potential employers, the insurance industry, and others who wanted to obtain otherwise private data about individuals without having to ask for it. Other commentators acknowledged the benefits that could flow from researchers having access to a good database, but they did not believe that this outweighed the harm that would occur if private data were released.[11]
11. Similar databases are already in existence at the federal level for recipients of Medicaid and Medicare. A collection of databases exists through a voluntary partnership between the federal Agency for Healthcare Research and Quality (AHRQ), thirty states, and the healthcare industry.[12] Such databases are used for research into the effectiveness of treatment, quality of care from particular providers, and the reduction of health care costs. Recently, the findings of research performed with these databases, presented in nonscientific language, have been published to help consumers choose between health plans, medical providers, and long-term care facilities.[13] This research benefits all consumers of healthcare by reducing costs, identifying appropriate and effective treatments, and ensuring the safety of treatments. The University of Minnesota described the database as the “proper tools and information” needed to allow “employers, employees and their families to become better consumers of health care.”[14]
12. Pilot projects to collect encounter level data have been conducted by the Department under its existing authority to collect information.[15] These pilot projects have been directed at specific medical conditions and measured health assessments, cost containment, and quality.[16] The Department used its experience in these pilot projects to arrive at conclusions regarding the use of outside vendors, the need for standardized identifiers, and the ability to provide the necessary security to ensure the protection of patient privacy.[17]
13. At the hearing, Dr. Harry Hull, the State Epidemologist, discussed the need for the database. He stated:
“Let me give you a few examples of how I and my staff would use this information:
“The Minnesota Department of Health has a newborn screening program. Before a newborn baby leaves the hospital, a couple of drops of blood are taken and put on a piece of filter paper and they are tested for more than 20 genetic diseases. Now, these diseases are rare and the program is expensive, but because treatment of these diseases is so expensive, early identification of these individuals saves huge amounts of money for the state. There is a rare infectious disease called toxoplasmosis. It’s a parasite that’s passed from cats typically to pregnant women, and they sometimes pass it to their unborn babies. The question is, should we screen additionally for toxoplasmosis? It would be expensive to do so. This database could provide information on the frequency of the disease, the cost of treatment of the disease, and allow us to make a recommendation to the legislature for funding for additional testing.
“Another example. It used to be that people on Medicare or citizens over 65 years of age could not be reimbursed for influenza immunizations. Dr. Marshall McBean, who is currently with the University of Minnesota School of Public Health, did a study using Medicare data and found out that the cost to Medicare for hospitalizations related to influenza was between $750,000,000 and a billion dollars per year. The result of that was that Medicare finally decided to reimburse the cost of influenza immunization to help keep our older population out of the hospital as a result of complications of influenza. We need similar data here to look at the total cost of influenza, so that we can evaluate whether or not expanded influenza immunization programs would be desirable.
“Another example. The Minnesota legislature, when they revised the immunization law a year and a half ago, at our request (suggestion) stated that we needed to provide data on the cost effectiveness and the incidence of disease related to the vaccinations that we were proposing. We’re currently looking at the possibility of adding varicella -- that is chicken pox -- to the school immunization law. Having statewide data on the frequencies of occurrences of this disease and the cost of treating this disease is vital to our providing the information that the people need to know to make a rational recommendation.
“We would also like to examine the use of antibiotics across the state to help us prevent the emergence of antibiotic resistance to strains of bacteria.
“Those are four examples of how we would use this data.”
14. The Department has shown that there are significant benefits in reducing costs to the public, improving treatment for patients, informing consumer choice in medical care, and preventing inadvertent harm when receiving medical care. Each of these reasons is a sufficient justification for establishing a database populated with billing data created for payment of medical services, so long as patient privacy can be protected.
15. A number of commentators suggested that concerns over this rule would be eliminated by limiting the data collected to that provided with the consent of the individual patient. They suggested that a patient should have to “opt-in” to the database before any data relating to that patient could be added. The Department considered that approach in developing this rule. The Department concluded that limiting the database to persons who self-select to offer their data will result in substantial biases in the contents of the database and in the results obtained by researchers using the database. In support of its rationale, the Department submitted a published study from the Mayo Clinic on the potential for bias in medical research based on issues arising from obtaining consent.[18] That study concluded that requiring consent before including data caused the database to be nonrepresentative of the general population. The Department has shown the need to obtain encounter data without obtaining the consent of the individual patient.
16. CCHC asserted that obtaining this information without individual consent exceeds the Department’s statutory authority. The legislative history of the MinnesotaCare program, the Regulated All-Payer System, and the Minnesota Health Data Institute was asserted by CCHC to be a demonstration that the Legislature did not intend to authorize the Department to establish a large-scale database.[19] CCHC also noted that the Health Care Analysis Unit, which previously engaged in research using data relating to performance outcomes and treatment effectiveness, was eliminated by the Legislature.
17. The Department responded that obtaining the encounter data without consent is authorized by Minn. Stat. §§ 62J.321, subd. 1, and 144.335, subd. 3b.[20] Minn. Stat. § 62J.321, subd. 1, states:
Subdivision 1. Data collection. (a) The commissioner shall collect data from health care providers, health plan companies, and individuals in the most cost-effective manner, which does not unduly burden them. The commissioner may require health care providers and health plan companies to collect and provide patient health records and claim files, and cooperate in other ways with the data collection process. The commissioner may also require health care providers and health plan companies to provide mailing lists of patients. Patient consent shall not be required for the release of data to the commissioner pursuant to sections 62J.301 to 62J.42 by any group purchaser, health plan company, health care provider; or agent, contractor, or association acting on behalf of a group purchaser or health care provider. Any group purchaser, health plan company, health care provider; or agent, contractor, or association acting on behalf of a group purchaser or health care provider, that releases data to the commissioner in good faith pursuant to sections 62J.301 to 62J.42 shall be immune from civil liability and criminal prosecution.[21]
18. The general standards for access to health records are contained in Minn. Stat. § 144.335. Subdivision 3a generally requires patient consent before health records are to be released. But subdivision 3b of that statute states:
Subd. 3b. Release of records to commissioner of health or health data institute. Subdivision 3a does not apply to the release of health records to the commissioner of health or the health data institute under chapter 62J, provided that the commissioner encrypts the patient identifier upon receipt of the data.[22]
19. These statutes unambiguously grant the Department the authority to receive health records without the consent of the individual patient for the purposes of this rule. The only limitation is that of encrypting the patient identifier upon the receipt of the health record. As is discussed in subsequent Findings, the proposed rule meets that statutory standard. The Department is acting within its statutory authority in collecting administrative billing records of persons receiving medical care without obtaining each individual's consent.
20. A related comment was that the proposed rules violated the Fourth Amendment prohibition against “unreasonable searches and seizures.”[23] The Department responded data collection of the sort proposed by these rules does not infringe on Fourth Amendment rights.[24] Similar information to the administrative billing data that is collected under this rule is currently being collected by 44 states.[25] The collection, maintenance, and appropriate handling of such data is governed by federal rule, 45 CFR § 500, et seq., in addition to each individual state's rules. The scope of this data collection has provided ample opportunity for constitutional challenge to the process. No court has determined such data collection to be constitutionally prohibited. To the contrary, required data collection has been expressly found to be consistent with the constitutional exercise of a State's authority.[26] No one has demonstrated in this proceeding that the approach taken by the Department for collecting or using this data is violative of any limitation on searches imposed by the Minnesota Constitution or United States Constitution.
21. Another constitutional consideration raised by many commentators is the potential for infringing on privacy rights of persons receiving health care. The concerns expressed in this area ranged from turning private records into a matter of public record to businesses using the records collected for marketing of prescriptions. Other commentators suggested that persons might forego medical care to avoid the potential for an intrusion into the private relationship between doctor and patient.
22. The leading case on the issue of privacy regarding state-maintained databases containing medical information is Whalen v. Roe.[27] In that case, the State of New York established a database to control the distribution of Schedule II drugs.[28] The prescribing physician was required to identify “the prescribing physician; the dispensing pharmacy; the drug and dosage; and the name, address, and age of the patient.”[29] This information was kept on a computer with access restricted to a limited number of state employees. The computer was physically and electronically isolated. Disclosure of identifying information was made a criminal offense to provide added incentive to securely protect the information provided for this database. Persons who feared being stigmatized as drug addicts (should their information be revealed) challenged the reporting requirement.[30] The District Court’s holding in the initial challenge to this collection of data was characterized by the Supreme Court as follows:
The District Court held that "the doctor-patient relationship is one of the zones of privacy accorded constitutional protection" and that the patient-identification provisions of the Act invaded this zone with "a needlessly broad sweep," and enjoined enforcement of the provisions of the Act which deal with the reporting of patients' names and addresses.[31]
23. The Supreme Court analyzed the security provided for the data and determined that the protections were sufficient to protect against inappropriate release of the information. Speaking to the general issues to privacy and databases maintained by governmental bodies, the Supreme Court stated:
A final word about issues we have not decided. We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files. The collection of taxes, the distribution of welfare and social security benefits, the supervision of public health, the direction of our Armed Forces, and the enforcement of the criminal laws all require the orderly preservation of great quantities of information, much of which is personal in character and potentially embarrassing or harmful if disclosed. The right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures. Recognizing that in some circumstances that duty arguably has its roots in the Constitution, nevertheless New York's statutory scheme, and its implementing administrative procedures, evidence a proper concern with, and protection of, the individual's interest in privacy. We therefore need not, and do not, decide any question which might be presented by the unwarranted disclosure of accumulated private data - whether intentional or unintentional - or by a system that did not contain comparable security provisions. We simply hold that this record does not establish an invasion of any right or liberty protected by the Fourteenth Amendment.[32]
24. The issue was revisited in United States v. Westinghouse Elec. Corp., where the Third Circuit Court of Appeals assessed the propriety of requiring the reporting of employee health data to the federal agency charged with overseeing occupational safety for employees. The Third Circuit established a framework for analysis of the competing interests of government and individuals described as follows:
The factors which should be considered in deciding whether an intrusion into an individual’s privacy is justified are the type of record requested, the information it does or might contain, the potential for harm in any subsequent nonconsensual disclosure, the injury from disclosure to the relationship in which the record was generated, the adequacy of safeguards to prevent unauthorized disclosure, the degree of need for access, and whether there is an express statutory mandate, articulated public policy or other recognizable public interest militating toward access.[33]
25. As demonstrated by the number of public comments in this proceeding (and as recognized by both the Legislature and the Department), the nature of the information to be provided by this rule is traditionally kept private, and disclosure of the information poses a significant risk of harm to the person and that person’s relationship with the medical professionals involved in creating that information. The need for the information to further outcomes that are in the public interest was discussed in foregoing Findings. Under the Westinghouse factors, the Department is obligated to show that its data collection system adequate protects individual privacy. The Department immediately addresses this potential for harm by encrypting the encrypting the personally identifying data (names and addresses) and storing this information apart from the remaining data that is not personally identified. Encrypting the data in this fashion prevents casual disclosure. The proposed rules use this data encryption, as well as physical isolation, designated employee access, use restrictions, and security audits as means of protecting the collected data. The system will be described in greater detail in the section–by-section analysis of the rule. The Department has shown the statutory authorization to collect this data and articulated valid public policy reasons for doing so. The showing of need, safeguards against release, express statutory authority, and articulated public interest meets the Westinghouse factors for assessing permissible intrusions into the private sphere. As with the Fourth Amendment issues discussed in the foregoing Findings, there has been no showing that the proposed rule infringes on a protected privacy right.
26. Michael Rodning Bash, Esq., objected to the proposed rules as violative of privacy rights. The commentator quoted Minnesota Supreme Court on the subject of privacy, which stated:
Today we join the majority of jurisdictions and recognize the tort of invasion of privacy. The right to privacy is an integral part of our humanity; one has a public persona, exposed and active, and a private persona, guarded and preserved. The heart of our liberty is choosing which parts of our lives shall become public and which parts we shall hold close.[34]
27. The proposed rules place great emphasis on protecting the privacy of individuals, consistent with being able to use the data about those individuals for legitimate research. Significant efforts are expended in protecting the identity of individuals. These rules establish restrictions on what data can be published through the research process. There is no defect in the proposed rule due to the recognition of the tort of privacy in Minnesota.[35]
Proposed Rule Part 4653.0100 - Definitions
28. Proposed rule part 4653.0100 defines terms to be used throughout these rules. In the main, the definitions were not the subject of comment and have been shown to be needed and reasonable. Those definitions that were the subject of comments will be discussed.
29. “Administrative billing data” is defined in proposed subpart 3 as encounter level data submitted to a group purchaser as part of a claim for payment. The Minnesota Council of Health Plans described its expectations during the development of these rules regarding the data to be submitted as "health plans would not be required to maintain or submit data that was not required under HIPAA."[36] The data described in subpart 3, in the commentator's opinion, is broader than that required under HIPAA and will result in additional costs to health plans. The Minnesota Council of Health Plans suggested that amending the subpart to define the required data as "required by federal law and retained by the group purchaser to adjudicate the claim" would address this problem.[37]
30. In response, the Department reiterated that rule requires that health plans use the HIPAA standard format for reporting. Since all health plans will be using this format by October 2003 (absent a change in federal law), the Department maintains that the costs of the reporting required by these rules will be minimized.[38] There is no defect in the originally proposed subpart 3 by failing to reference HIPAA. Language that expressly limits the data to the HIPAA format is found in proposed rule 4653.1200, subpart 3 (and discussed in subsequent Findings). The language in proposed subpart 3 is consistent with the Department's stated approach to the reporting to be performed. Subpart 3 is needed and reasonable as proposed.
Proposed Rule Part 4653.0200 – Administrative Billing Data Collected
31. Proposed rule part 4653.0200, subpart 1, requires the Commissioner to collect claims, enrollment, and demographic data from group purchasers. The specific data elements to be collected from group purchasers for claims data are set out in subpart 2. The specific data elements to be collected from group purchasers for enrollment or demographic data are set out in subpart 3. The Minnesota Council of Health Plans (the Council) questioned whether the rules could require information other than that required under HIPAA. Requiring information that is outside the federally required formatting could result in additional costs to group purchasers of health care.
32. The Department responded to the Council’s comment by modifying subparts 2 and 3 to expressly state that the data be collected using “a standard format according to part 4653.1200, subpart 3.”[39] The referenced rule part requires that “federally required standard record formats and coding specifications” are required of the data submitted. The only such specifications that anyone has identified are the HIPAA codes. The providers and payors covered by these rules are required to use the HIPAA codes beginning in October, 2003. Limiting the required data and format to HIPPA standards places no undue burden on the affected providers and payors.
33. The Council also questioned the reliability of the data element described as the “date of onset of the current illness, injury, or pregnancy” located at subpart 2.B.(3). The Council did not indicate what data could be obtained to ensure that the encounter data being collected could be longitudinally identified. Including a date of onset at least allows research results to distinguish between initial and follow-up visits. The data element has been shown to be needed and reasonable.
34. Item A of subpart 3 lists eighteen data elements for each covered individual that must be provided by the group purchaser under these rules. Individually identifying information such as the covered person’s name, address, marital status, employment status, date of birth, gender, race, and ethnicity are included among the elements listed in item A.
35. Commentators questioned the usefulness of race and ethnicity data in research and asserted that collecting such data is problematic, due to the blending of ethnicities in society. The issues raised by the commentators are well taken, since the area of individual ethnicity and race relies on self-definition and lacks objective standards. But these concerns do not obliterate the continued usefulness of these data elements for researchers. The occurrence of diseases or conditions in identifiable segments of the population compels the need to compare results between segments. Public health research is often directed at identifiable groups in order to address recognized health problems experienced by such groups.[40] The prevalence of such research demonstrates that collecting data elements on race and ethnicity are needed and reasonable.
36. The Department has shown subparts 2 and 3 are needed and reasonable as modified. The new language merely references already proposed and language and thus does not render the rule substantially different from that which was proposed originally and published in the State Register.
37. Subpart 4 requires that administrative billing data from hospitals be categorized as inpatient or outpatient data. Subpart 5 lists the inpatient discharge and outpatient data elements that must be submitted for use in the database. Subpart 6 sets out the general obligations of the Department to establish the database, use the HIPAA data format, educate data providers, and coordinate quality control measures with group purchasers and hospitals. The obligations of group purchasers and hospitals are set out in subpart 7. Group purchasers and hospitals must submit the data set out in the first five subparts, cooperate in the Department’s education and data quality control efforts, report data discrepancies, and “make every reasonable effort” to provide all the relevant HIPAA codes for each patient claim or encounter.
38. Item A of subpart 8, as originally proposed, authorized the Department to add to the list of data elements that must be provided under these rules, without engaging in additional rulemaking. The Council objected to this provision as allowing unpromulgated amendments to rules. CCHC suggested that this provision resulted in undue discretion to the Commissioner, and that the rule should require “public notice or opportunity of public comment.”[41] In response to these comments, the Department altered item A to remove the discretion to alter data elements and retained only the requirement that the data element collection be changed where “the data element is needed to comply with a new or revised state or federal law.” Item B, setting out when an item need no longer be collected, and item C, providing for notice to group health plans, have not been changed. The Department has shown subpart 8 is needed and reasonable as modified. The new language meets the objections raised by commentators and clarifies that the data collection will conform to requirements of state and federal statutes. The new language is not substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0300 – Data Collection Procedures for Group Purchasers
39. The data collection to be undertaken under these rules is a very difficult task due to the large amount of data and the significant number of group purchasers. The Department noted that the burden is significantly greater if each of the 150 companies that report premium revenue is required to participate in this process.[42] The Department considered the burden imposed and the ability to achieve an adequate level of statistically-valid data using data from fewer group purchasers.
40. The Department noted that the current distribution of premium revenue resulted in the top 20 group purchasers accounting for 96% of total premium revenue for group purchasers.[43] The Department concluded that 96% of the premium revenue reflected an adequately large group to minimize sample error.
41. Subpart 2 of part 4653.0300 sets out the process to determine, in any particular reporting period, which of the group purchases must report to obtain that statistically-valid sample. Group purchasers would be ranked by premium revenue in descending order. The reporting group would then be determined by adding the revenue of these purchasers, in the order they appear on the list, until the total reaches 96% of the total premium revenue. Each group purchaser whose revenue was included to reach the percentage must report. The only reporting required of group purchasers not on the list is where special population groups would not be included in the data, thereby resulting in statistical bias.[44] Subpart 2 is needed and reasonable, as proposed.
42. A number of commentators objected to the expense of data collection, particularly with respect to the use of State funds in a time of anticipated deficits in overall budget. The Department acknowledged that additional resources are required, beyond its existing budget, to implement the data collection sought by these rules.[45] Subpart 11 explicitly delays the implementation of the group purchaser data collection until funding is available and the Department publishes notice in the State Register. Part 4653.0300 would take effect one year after the notice is published. Subpart 11 relieves group purchasers from the need to comply with these rules until the Department is ready to receive the data. Subpart 11 is needed and reasonable, as proposed.
43. The Insurance Federation of Minnesota sought additional assurance that small indemnity insurers would not bear the reporting burdens of these rules. The Department “agreed to exclude those licensed under Minnesota Statutes, Section 60A and make up less than three percent of the total annual amount assessed by the Minnesota Comprehensive Health Association (MCHA).”[46] UCare Minnesota requested a clarification that group purchasers would not be included for services provided under Medical Assistance, Medicare, General Assistance medical care, MinnesotaCare, and other government-paid premium coverage.[47] The Department agreed with this suggestion. To carry out these exclusions, the Department proposed a new subpart, which states:
44. The new language addresses the concerns raised by the commentators for clarity regarding exemption from reporting. Subpart 12 has been shown to be needed and reasonable. The new language does not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0400 – Data Collection Procedures for Hospitals
45. Under part 4653.0400, hospitals are required to report the same data elements as group purchasers. Unlike group purchasers, the Department has the resources to collect hospital data without any additional funding.[48] Subpart 1 establishes the data submission requirement and affords a variance to any hospital reporting as part of the Minnesota Hospital and Healthcare Partnership (MHHP).[49] Subpart 3 identifies the data that must be submitted and, in items B through E, delays submission of elements until state or federal law establishes the standards for those elements. Item F delays submission of patient identifier data until January 1, 2004, since that information is not currently being collected through the MHHP.[50] Subparts 1 through 3 are needed and reasonable, as proposed.
46. The Department proposed to clarify subpart 4, by changing the title of the subpart, to reflect that both the due dates and methods of submission are specified in the data submission manual described in part 4653.1200. The use of a manual for these purposes will be discussed below. Subpart 4 has been shown to be needed and reasonable. Modifying the title of the subpart does not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0500 – Departmental Use of Administrative Billing Data
47. A critical factor in assessing the propriety of collecting private data is the intended use of that data. The Department indicated that a balance was needed between research for which input and permission from an advisory committee was important, and, the Department’s own use of the data for purposes not rising to the level of research.[51] As proposed, subpart 1 of part 4653.0500 exempted from advisory committee review the Department’s use of the data to fulfill requirements of state and federal law, plan projects with other State agencies, develop policies of the Department, and perform preliminary data analysis for proposing research projects. Subparts 2 through 6 set out the standards for research proposals, support by Department staff, and the process for evaluation and approval of research requests.
48. The Minnesota Medical Association (MMA) objected to the proposed internal use of the data collected. The MMA recognized the need for preliminary analysis by Department staff and suggested that such analysis need not be reviewed by the Data Use Committee. For appropriate uses that are needed on a timeline that is inconsistent with the full review process, the MMA suggested developing an expedited review process.[52] CCHC suggested that the “internal use of data is broad, virtually undefined, and not subject to oversight.”[53]
49. In response to the objections to the proposed method for internal handling of the collected data, the Department proposed extensive changes to part 4653.0500. As finally proposed, the part reads as follows:
4653.0500 DEPARTMENTAL USE OF ADMINISTRATIVE BILLING DATA.
Subpart 1. Preliminary Data Analysis. Use of data collected under parts 4653.0100 to 4653.1300 is not subject to review of the data use committee established under part 4653.0600 if the data are used by Department of Health staff to perform unpublished preliminary data analyses that may result in a research project proposal to be submitted to the Data Use Committee under subpart 3.
Subp. 2. Internal use of data. Use of data collected under parts 4653.0100 to 4653.1300 is subject to an expedited review of the data use committee established under part 4653.0600 if the data are used by Department of Health staff to:
A. fulfill a requirement of state or federal law;
B. provide background, planning, or policy development information for a project with another state agency;
C. provide background, planning, or policy development information for Department of Health program activities; or
D. provide background, planning, or policy development information for the Minnesota state legislature.
Subp.3. Research project proposal. An eligible department researcher requesting access to not public data collected under parts 4653.0100 to 4653.1300 for a research project must submit a research project proposal to the commissioner in a format prescribed by the administrative billing data staff.
Subp. 4. Staff support. To facilitate the review of research project proposals, the administrative billing data staff must:
A. develop a process for submission and review of research project proposals to ensure a complete and timely review of the proposals;
B. in cooperation with the data use committee, develop a format for the submission of research project proposals;
C. distribute a description of the process and the format to eligible department researchers and interested parties;
D. provide technical support to eligible department researchers to ensure the completeness of submitted research project proposals;
E. schedule reviews of research project proposals and provide support for the data use committee;
F. ensure that a statistical analysis of each research project proposal is completed by the data use committee or Department of Health staff to determine if the proposal is based on scientifically sound and statistically valid methods and submit the results of the analysis to the commissioner;
G. submit the data use committee recommendations to the commissioner; and
H. monitor the review process of each proposal to ensure a complete review and a timely notification of approval or disapproval.
Subp. 5. Evaluation and recommendation. (a)The commissioner must refer a research project proposal submitted according to subpart 3 to the data use committee established under part 4653.0600 for evaluation and a recommendation for approval or disapproval. The commissioner must consider the recommendations of the data use committee in the decision to approve or disapprove a research project proposal. (b) An expedited review must be conducted for internal uses of the data defined in Subpart 2. The commissioner must request a review and recommendation by the chair and co-chair of the data use committee established under part 4653.0600. The chair and co-chair must provide the commissioner a recommendation within one business day and the commissioner must consider the recommendation in the decision to approve or disapprove the request for internal use of the data.
Subp. 6. Proposal review procedures. The commissioner must review each research project proposal submitted according to subpart 3. To decide whether to approve or disapprove a proposal, the commissioner must consider:
A. the recommendation of the data use committee;
B. the statistical analysis described in subpart 4, item F;
C. whether the proposal is in the public interest according to Minnesota Statutes, chapter 62J;
D. whether the data requested is the minimum amount of data required;
E. whether the eligible department researcher has demonstrated an ability to safeguard the data against unauthorized use and to ensure that not public data will be protected;
F. whether it is feasible to answer the proposed research questions with administrative billing data;
G. whether the proposed data handling methods will protect the security and integrity of the data;
H. whether the eligible department researcher and any identified contractor have adequate experience, knowledge, and skills that qualify them to complete the proposed project; and
I. whether the proposal has a workable time line.
Subp. 7. Proposal review results. Within 60 days after receiving the research project proposal submitted according to subpart 3, the commissioner must provide to the eligible department researcher who submitted the proposal written notice of approval or disapproval of the proposal. This 60-day deadline shall be extended to 90 days if, within 60 days after receiving the proposal, the commissioner provides written notification to the eligible department researcher that the commissioner shall provide notice of approval or disapproval within 90 days after receiving the proposal. If the proposal is not approved, the notice of disapproval must include the reasons for the disapproval. The commissioner must provide a copy of the notice of approval or disapproval to the data use committee. The data steward must not grant access to data for a research project without a copy of the notice of approval from the commissioner.
50. The new language replaces the Department’s exemption from review with a process for expedited review. The review process ensures that any use of the data is examined by the Data Use Committee, thereby assuring that outside oversight of all uses of the data is maintained. The Data Use Committee prepares a recommendation to the Commissioner of Health for consideration of approval or denial of the proposed research project. The standards to be applied by the Commissioner are set out in proposed subpart 6. These standards are directed at the appropriate use of the database, minimizing access to data elements, protecting the data from unauthorized access, and preventing disclosure of not public data. The review standards parallel the existing federal review standards for health data research, set out in 45 C.F.R. 164.512.[54] The standards established in these rules are sufficient to protect the privacy interests of those individuals whose data is included in the database. Part 4635.0500, as modified, has been shown to be needed and reasonable. Altering the rule to remove the exemption for limited Department use of the data does not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0600 – Data Use Committee
51. The composition of the Data Use Committee that will provide outside review of requests to conduct database research is set out in part 4653.0600. As originally proposed, the Committee would be comprised of three members appointed by MHHP (representing hospitals); three members appointed by the Council and one member appointed by the Insurance Federation (representing group purchasers), one member appointed jointly by the Mayo Foundation and the Minnesota Association of Public Teaching Hospitals (representing research institutions), one member appointed by the Minnesota Medical Association (representing physicians), one member appointed by the Minnesota Nurses Association (representing nurses), one member appointed by the Minnesota Department of Commerce, one member appointed by the Minnesota Department of Employee Relations, one member appointed by the Minnesota Department of Human Services, one member appointed by the University of Minnesota (representing health services researchers), and one consumer representative who is appointed by the Commissioner of Health.
52. Prior to publication of the rules, the Department received suggestions that researchers with specific expertise in an area might be required to make a recommendation on a particular project.[55] In subpart 2, the Commissioner is required to “request additional participation on the data use committee if necessary to provide expertise specific to a proposal topic or to provide statistical expertise.” This flexibility of appointment to the Data Use Committee assures that a meaningful review of proposed research will be conducted. Subpart 2 is needed and reasonable, as proposed.
53. The Insurance Federation suggested that, with the exemption of its membership from the reporting requirements through the addition of proposed rule 4653.0300, subp. 12, there was no need for a member of the Data Use Committee appointed by the Insurance Federation. The Department accepted the suggestion and deleted that portion of subpart 1.[56] The Carlson Companies, Wells Fargo, US Bank, and the University of Minnesota suggested that the Minnesota Chamber of Commerce (the Chamber) would be an appropriate representative for business interests affected by research requests. These commentators proposed that four members of the Data Use Committee be appointed by the Chamber. The Department agreed that the Chamber should have representation on the Data Use Committee, but concluded that one representative appointed by the Chamber was sufficient.[57] As finally proposed by the Department (and absent any appointments for particular requests based on expertise), the total number of Data Use Committee members is 15. Acceding to the request for four members appointed by the Chamber has not been demonstrated to be critical to the need or reasonableness of the rule. Subpart 1, as modified, has been shown to be needed and reasonable. Adjusting the membership of the Data Use Committee to reflect affected interests does not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0700 – Publication of Data
54. Research is most useful when the results can be shared amongst those who will benefit from the inquiry’s findings. Whether the results aid in improving health care delivery, choosing better treatment options, or reducing the cost of care, changes will not be made without the results of research being published. But there is no evidence in this record that suggests that any of these public benefits justifies disclosure of private information concerning an individual. Subpart 1 of proposed rule 4653.0700 recognizes the need to protect against such disclosure and requires that the Commissioner of Health “ensure that the identity of a covered individual is protected when data, routine reports, compilations, and special studies are published by the commissioner.” Subpart 2 affords hospitals and group purchasers the opportunity to contest the accuracy of research findings, where a hospital or group purchaser is identified in the research.[58] Subpart 3 requires that the Commissioner publish reports concerning regional variation in health care access and utilization, performance on health goals, prevalence and treatment of some chronic conditions, and cost comparisons by treatment and condition.
55. The Health Plans Council objected to the rule language that only identified the privacy protection to individuals. The Council suggested that subpart 1 require that the Commissioner also ensure that each provider and group purchaser be protected as well, except as provided in subpart 2. The Council also suggested the time to comment on a release under subpart 2 be changed from the postmark date to the received date.
56. The structure of subparts 1 and 2 reflects the differing degrees of protection afforded to the identity of an individual compared to the identity of a provider or group purchaser. When data is being published there is a requirement that the identity of any individual not be disclosed. There is no such protection for providers or group purchasers. Indeed, identifying aggregate health care outcomes by provider is a recognized means of promoting informed patient choice. The mechanism set out in subpart 2 for providing notice and publishing responsive comments fully protects the legitimate interests of providers and group purchasers.
57. The MMA suggested that any publication of results take into account clinical risk factors. These factors provide a context for information about providers and group purchasers and would tend to eliminate mischaracterization of the quality of health care provided. The Department agreed with the suggestion and modified subpart 1 to require that the Commissioner ensure that publication of research results contains adjustments for risk when providers or group purchasers are identified. The modification ensures that providers and group purchasers are not put in a false light by comparing outcomes between different populations.
58. MMA, CCHC, and other commentators requested more public accountability in the use of the database. In response, the Department proposed a new subpart 4 that states:
Subp. 4. Reporting uses of data. No later than July 15, 2005 and annually thereafter, the commissioner will publish a report that describes the uses of the data collected under parts 4653.0100 to 4653.1300. At a minimum, the report will be distributed to the data use committee and must include summaries of each of the following:
A. membership of the data use committee according to part 4653.0600;
B. status of the submission of administrative billing data by group purchasers under part 4653.0300;
C. completed research projects, including information on how to get a copy of the resulting analysis;
D. research projects in progress including a projected completion date;
E. internal uses of data according to each item under part 4653.0500, subpart 1; and
F. public use data released under part 4653.0800;
G. variances granted under part 4653.1000;
H. data elements added or deleted from the data collection according to part 4653.0200, subpart 8; and
I. survey activity and potential sources of administrative billing data according to part 4653.1300.
59. The addition of subpart 4 assures that the use and oversight of the database will conducted in full public view. This degree of oversight directly addresses concerns that the database could be used to improperly invade the privacy of individuals. As modified, part 4653.0700 has been shown to be needed and reasonable. The Department may wish to remove the word “and” appearing at the end of subpart 4, item E, as that word is surplusage and may cause confusion. Requiring identification of risk factors where providers or group purchasers are identified and adding a reporting requirement for use and oversight of the database does not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.0800 – Procedures for Release of Data
60. One means of using the data gathered for the database is through the compilation of summary data. Summary data is the aggregation of information on many persons so that no one person can be identified within that aggregation. The Department is expressly authorized to release such compilations for research purposes by Minn. Stat. § 62J.321. subd. 5(d). In such instances, privacy interests are protected by the removal of any information that could lead to the re-identification of the individual within the summary data. Proposed rule part 4653.0800 sets out how the Department would remove identifiers to ensure that the summary data released meets the statutory definition of summary data.[59]
61. The initial modification used to produce summary data is to remove identifying data from the summary. In subpart 1, the Department proposes “four practical steps” that result in summary data when applied to the proposed database.[60] The first step is to remove the identifier of an individual, provider, or group purchaser. The second step is to use calculated variables and aggregate variables to mask the particulars of the data in the database. The third step is to eliminate the race, ethnicity, and actual dates of service data from the summary produced. The fourth step is to mask uncommon diagnoses and infrequent procedures by using broader category identifiers. The Department describes these steps as “reasonable because they are commonly accepted methods to create summary data from complex data on individuals.”[61]
62. No commentator identified a specific problem with using any of the steps in subpart 1. But CCHC generally objected to the rule as not meeting the standard set out in Minn. Stat. § 62J.321, subd. 1(c), that requires encryption of patient identifiers so as to make identification of individual patients “impossible.” An obvious problem arises when one considers medical records that are linked to information such as street address, when other potentially identifying factors are present, such as gender or age. For many people (and particularly long term residents), access to a street address means that identifying an individual patient is not “impossible” as required by Minn. Stat. § 62J.321, subd. 1(c). For data made available for public use, the Department must assure that its removal of identifiers meets that standard.
63. The Department has not defined what constitutes an “identifier” as that term is used in the first step of subpart 1. Since this step is critical to the production of summary data that complies with the statute, the Administrative Law Judge finds that the term must be defined in order for the rule to avoid impermissible vagueness. Without greater specificity, the proposed rule is impermissibly vague. The same concerns were addressed in the federal rules governing security and privacy for health data on individuals made available to researchers. The federal rule states, in pertinent part:
Sec. 164.514 Other requirements relating to uses and disclosures of protected health information.
(a) Standard: de-identification of protected health information. Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.
(b) Implementation specifications: requirements for de-identification of protected health information. A covered entity may determine that health information is not individually identifiable health information only if:* * *(2)(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:(A) Names;(B) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.(C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;(D) Telephone numbers;(E) Fax numbers;(F) Electronic mail addresses;(G) Social security numbers;(H) Medical record numbers;(I) Health plan beneficiary numbers;(J) Account numbers;(K) Certificate/license numbers;(L) Vehicle identifiers and serial numbers, including license plate numbers;(M) Device identifiers and serial numbers;(N) Web Universal Resource Locators (URLs);(O) Internet Protocol (IP) address numbers;(P) Biometric identifiers, including finger and voice prints;(Q) Full face photographic images and any comparable images; and
64. Using the list of identifiers set out in 45 CFR § 164.514 is one reasonable means of clarifying what identifiers must be removed from the data in the first step of subpart 1 when summary data is generated by the Department. Since the federal rule is designed to govern all health data, rather than just billing data complying with the HIPAA standard, there are many more items on the list than are even available through Minnesota’s proposed database. The federal standard can be incorporated by reference in subpart 1, or the Department can add a definition of “identifier” that incorporates the specific data elements collected under these rules that also appear in the federal rule. Either change cures the vagueness defect and ensures that the Department that is appropriately removing identifying data when producing summary data. Neither suggested modification renders the rule substantially different from that which was proposed originally and published in the State Register.
65. Subpart 2 sets out the manner in which requests made for access to public use data. Subpart 3 requires the Commissioner to review the request within three business days and to provide an estimate as to when the request can be answered. Where the Commissioner determines that the data request can directly or indirectly result in identifying an individual, provider, or group purchaser, the request must be denied. Item C of subpart 3 clarifies what is meant by “indirectly identifying” by including the potential for identifying an individual, provider, or group purchaser by linking the public use data to other databases. Subparts 2 and 3 are needed and reasonable to carry out the requirements of Minn. Stat. § 62J.321. subd. 5(d).
Proposed Rule Part 4653.0900 – Data Security
66. Proposed rule part 4653.0900 sets out the standards to be met in securing the Department’s database from inappropriate access. The rule part is divided between the duties of the Commissioner, those of the data steward appointed to oversee the day-to-day technical aspects of the database, and those of persons granted access to the database to conduct research. Each division of responsibility will be discussed individually.
67. Subpart 1 describes the duties of the Commissioner to secure the database. The Commissioner must appoint a data steward, provide and require training for all employees with any responsibility for or access to the data, require review by all appropriate staff of procedures governing access to the data, conduct security audits, and publish the results of audits within six months of each audit’s conclusion. Commentators asserted that the proposed rule failed to ensure that outside audits would be sufficiently frequent and that the results would be disclosed to ensure appropriate oversight.
68. In response to the comments received, the Department proposed to modify the audit standard to require that the security audit be conducted by an external entity and that the results be published within three months of receipt.[63] These modifications provide additional assurance that security procedures are current, adhered to by staff, and effective for protecting the data from inappropriate access. Subpart 1 is needed and reasonable as modified. The proposed modifications do not render the rule substantially different from that which was proposed originally and published in the State Register.
69. Subpart 2 sets out the responsibilities of the data steward. As proposed, these responsibilities include: limiting access to the data to employees assigned such work; maintaining audit trails to assure that only appropriate access is afforded; complying with the applicable information handling standards of federal and state statutes, federal and state regulations, and agency policies; implementing technical safeguards; monitoring security procedures; communicating restrictions to data users; overseeing access by approved users; and reporting any security breaches to the Commissioner.
70. The data steward’s responsibility to implement technical safeguards includes the explicit requirement to use firewalls, encryption, employee authorization, user authorization, and physical safeguards of data to protect against inappropriate access. As the Department described at the hearing, the procedures to be followed under this part will place the collected data, with standardized identifiers replacing patient names, in the possession of the data steward. The Department would use a computer program with an encryption key to replace the standardized identifier with a randomly-assigned case number. The encryption key would then be stored apart from the data in a secure location. A copy of the data will be maintained to secure against loss of the database. This copy will be physically isolated in a secure location.[64] The physical location of the database (with the randomly-assigned case identifiers) will be secured against unauthorized access. The computer containing the database will not be connected to any network with access to the Internet.
71. CCHC asserted that the data encryption requirement was meaningless, since the encryption key would be in the possession of “hundreds, if not thousands of individuals….”[65] The encryption process described by the Department has two steps. The first step is the replacement of patient names with a unique code. This code would replace names (including nicknames) with “standard” names, truncate the names, and append other unchanging identifying information to create a unique identifier, called a data unification key.[66] Since this unique code is applied by every required reporter of billing data, the software to associate the patient information with that code must be widely available. But these same entities generating that code are those already handling an individual’s healthcare data. These entities already have access to much more personal data than called for in these rules. These entities are already bound by the privacy requirements that apply to all healthcare data. There is no defect in the proposed rule to require that the reporting entities initially process the data to assure that a data unification key is used.
72. The Department described the second step of the encryption process at the hearing. Upon receipt by the Department, that data unification key and the associated data would be processed by another computer program that would replace the key with a table of randomly-generated numbers (known as the “case number”).[67] The Department would then destroy the copy of the data associated to the key. At this point in the process, the health care data is identified by a randomly-generated number, not a name or code derived from identifying data. It is this second step in the encryption process that actually removes the connection between the individual and the data made available to researchers for projects reviewed by the Data Use Committee and approved by the Commissioner.
73. The comments made by many members of the public indicated a widespread concern that patient names, connected with their data, would be available to researchers. Others expressed concern that the various computers containing this information could be improperly accessed (“hacked”) and the data re-identified.
74. In situations where the patient’s name and address are supplied to the Department, the Department responded to the suggestions that the rule should explicitly require the replacement of the individual’s name with the randomly assigned case identification and enhance protection of the identity of individuals. The Department proposed to modify subpart 2 to explicitly require that the data steward replace both the names and street addresses of individuals whose data is included in the database with a “record identification code.” That code would be linked to the randomly assigned case number used to keep individual data separate and anonymous. The Department proposed to add an item K requiring that all data that links the record identification code and the randomly-assigned number be kept on separate computers. The effect of this change is to totally remove the name and street address of each person from the database that is made available to researchers. This process creates an additional layer of anonymity that protects individuals from any potential disclosure and meets the standard of Minn. Stat. 62J.321, subd. 1(c).
75. Subpart 2, with the modifications proposed by the Department, is needed and reasonable to ensure that the fundamental right of individuals to privacy is protected. The Department should consider expressly stating that encryption of the sort described in Minn. Stat. § 62J.55(a) will be applied to the collection of names and addresses replaced with record identification codes. The proposed modifications do not render the rule substantially different from that which was proposed originally and published in the State Register.
76. Subpart 3 lists the data security obligations of those persons granted access to the database to conduct research. This access is to the database is overseen by the Data Use Committee and the Commissioner, who review and approve requests for access under part 4653.0500. In addition to obtaining approval under that process, the researcher must agree to a contract with the Commissioner binding the researcher to terms governing the access to, use of, and distribution of, information obtained through the database. The safeguards applied to the database and reviews of each research request are designed to prevent any release of identifying data. Subpart 3 ensures that the obligation to not identify individuals passes through to each researcher, even though the opportunity to identify individuals should not exist due to the other privacy protections in the rules. The privacy interest of individuals justifies adding this further layer of protection, even though it may never be truly necessary in the day-to-day use of the database. Subpart 3 is needed and reasonable as proposed.
Proposed Rule Part 4653.1000 – General Variance
77. A variance procedure is set out in proposed part 4653.1000. The variance procedure allows for the collection of data in a manner different from the rule requirements, where that collection can be done in a more cost effective manner. Before a variance can be granted, the Commissioner must consider whether all the security and privacy protections will be met and the research goals attained with the alternative method. In addition, the rule limits contracts or grants with a public sector entity for ongoing data collection under this part to $20,000 per year. One commentator suggested that inflation be accounted for in the total amount available for the contract or grant. The Department agreed with the suggestion and added language providing for an ongoing adjustment for inflation. The variance provision affords the opportunity to demonstrate that the data sought can be obtained less expensively than under the terms of these rules. This is the sort of performance-based rulemaking that the Legislature has promoted through Minn. Stat. § 14.002. Part 4653.1000 is needed and reasonable, as modified. The proposed modifications do not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.1100 – Variance for Collection of Hospital Data from Minnesota Hospital and Healthcare Partnership
78. In addition to the general variance provision, the Department has proposed a variance provision for any hospital that submits its information to the MHHP. This variance provision, in proposed rule part 4653.1100, is triggered by MHHP’s submission of data meeting the standards of these rules to the Department. This variance provision is intended to reduce costs and prevent duplication of effort.[68] Part 4653.1100 is needed and reasonable as proposed.
Proposed Rule Part 4653.1200 – Data Submission Manual
79. The anticipated collection of data will require coordination of time, technology, and personnel between the Department, providers, and group purchasers. In order to accomplish this needed coordination, the Department proposes to issue a data submission manual for use by MHHP, group purchasers, and providers that are providing the data required under these rules. The general content areas of the manual are set out in proposed rule 4653.1200. These areas include submission schedules, methods for data transfer, formats for information, data coding specifications, authentication specifications, encryption standards, and criteria to prevent duplication of data. The final item specified for inclusion in the manual is “any other instructions for the submission of data that do not impose substantive requirements other than requirements contained in statute or rule.”
80. A number of commentators objected to the proposed manual as setting standards that must adopted through the rulemaking process. Failing to do so, these commentators assert, results in the manual being an unpromulgated rule. The Department described its reasons for proposing a manual, as opposed to expressly setting technical requirement in the rule, as follows:
Subpart 2 defines the minimum contents of the manual. It is not reasonable for data submission methods, and authentication and encryption specifications to be detailed in the rules due to the impact of the ever-changing nature of technology. If this were done, there is a real risk that obsolete technology would have to be used in the future solely because that old technology would be required by rule. This is especially dangerous in the case of encryption methodology. Therefore, it is necessary to include technical submission information in a manual because it may be updated as needed to industry best practices with input from data submitters.[69]
81. The Department has demonstrated that the nature of the information to be included in the manual is sufficiently temporary to be appropriate for a manual, rather than adopted by rule. Part 4653.1200 sets out the contents of the manual with sufficient specificity to adequately limit the Commissioner’s discretion in making any particular reporting obligation through the manual, rather than by rulemaking. This limitation is well expressed by the final item, that limits any manual instruction to that which does not impose substantive requirements not already contained in law or rule. The only changes proposed to this rule part are to conform cross-references to other rule citations that have changed in this proceeding. Part 4653.1200 is needed and reasonable, as modified. The proposed modifications do not render the rule substantially different from that which was proposed originally and published in the State Register.
Proposed Rule Part 4653.1400 – Data Collection for Excluded Group Purchasers
82. The Department acceded to the request of the Insurance Federation to expressly exclude certain group purchasers from the data collection requirements of this rule. The Department indicated that, in discussions with the Insurance Federation, agreement was reached on the need to discover a cost-effective means of including the data from exempt group purchasers in the database.[70] To address this need, the Department agreed with the Insurance Federation that a new rule part should be added. The Department proposed to add part 4653.1400, which states:
The commissioner must investigate the feasibility of collecting administrative claims data from group purchasers excluded under 4653.0300, subpart 12. The commissioner must consult with the affected group purchasers to:
A. determine the extent of claims processing services done for group purchasers excluded under 4653.0300, subpart 12; and
B. compare the data elements available from group purchasers excluded under 4653.0300, subpart 12, with the data elements required under part 4653.0200, subparts 2 and 3; and
C. determine cost implications of requiring data submission to the commissioner for group purchasers excluded under 4653.0300, subpart 12.
83. The proposed rule part reflects the existing power of the Commissioner to investigate data collection opportunities and imposes no significant burden on exempted group purchasers. Performing the described investigation has been shown to be needed and reasonable. The Department should consider altering the references to the entire rule (that currently state “parts 4653.0100 to 4653.1300”) to reflect that the rule part now ends at part 4653.1400. The proposed modifications do not render the rule substantially different from that which was proposed originally and published in the State Register.
84. Under Minn. Stat. § 14.14, subd. 2 (2000), and Minn. Rule 1400.2100 (1999), one of the determinations that must be made in a rulemaking proceeding is whether the agency has established the need for and reasonableness of the proposed rule or rule repeal by an affirmative presentation of facts. An agency need not always present adjudicative or trial-type facts in support of a rule. The agency may rely on legislative facts, namely general facts concerning questions of law, policy and discretion, or it may simply rely on interpretation of a statute, or stated policy preferences.[71] In addition to its affirmative presentation, the statute allows the agency to rely upon facts presented by others on the record during the rule proceeding to support the proposal.[72]
85. The question of whether a rule is needed focuses upon whether a problem exists that calls for regulation. In an early case after the requirement of establishing need and reasonableness was first enacted, the Chief Administrative Law Judge adopted the rationale that in establishing the need for a rule "the agency must make a presentation of facts that demonstrates the existence of a problem requiring some administrative attention."[73] An agency can demonstrate need for proposed rules by showing that legislation directs that action requiring rulemaking be taken in an area.
86. The question of whether a rule has been shown to be reasonable focuses on whether it has been shown to have a rational basis, or whether it is arbitrary, based upon the rulemaking record. Minnesota case law has equated an unreasonable rule with an arbitrary rule.[74] Arbitrary or unreasonable agency action is action without consideration and in disregard of the facts and circumstances of the case.[75] A rule is generally found to be reasonable if it is rationally related to the end sought to be achieved by the governing statute.[76] The Minnesota Supreme Court has further defined the agency's burden in adopting rules by requiring it to "explain on what evidence it is relying and how the evidence connects rationally with the agency's choice of action to be taken."[77]
87. An agency is entitled to make choices between possible approaches as long as the choice it makes is rational. A rule cannot be said to be unreasonable simply because a more reasonable alternative exists, or a better job of drafting might have been done. If commentators suggest approaches other than a rational one selected by the agency, it is not the proper role of the Administrative Law Judge to determine which policy alternative presents the "best" approach since this would invade the policy-making discretion of the agency. The question is rather whether the choice made by the agency is one a rational person could have made.[78] The Agency is free, however, to opt for a "better" proposal that arises during the rulemaking process, subject to the limitations set forth in Conclusion 9, below.
88. In addition to need and reasonableness, the Administrative Law Judge must assess whether the agency complied with required rule adoption procedures, whether the rule grants undue discretion, whether the agency has statutory authority to adopt the rule, whether the rule is unconstitutional or illegal, whether the rule improperly delegates agency authority to another, and whether the proposed language is not a rule.[79]
89. Where changes are made to the rule after publication in the State Register, the Administrative Law Judge must determine if the new language is substantially different from that which was proposed originally.[80] The standards to determine if the new language is substantially different are found in Minn. Stat. § 14.05, subd. 2 (2000). Pursuant to that statute, a modification does not make a proposed rule substantially different if the differences are within the scope and character of the matter announced by the agency in its notice of intent to adopt rules, the differences are a logical outgrowth of the notice and responsive comments, and the notice provided fair warning that the outcome of the rulemaking proceeding could be the rule in question.
Procedural Requirements
90. On July 31, 2002, the Department filed the following documents with the Chief Administrative Law Judge:
(a)a copy of the proposed rules, with a certification of approval as to form by the Revisor of Statutes;
(b)a proposed dual Notice of Intent to Adopt Without a Public Hearing Unless 25 or More Persons Request a Hearing, and Notice of Hearing if 25 or More Requests for Hearing are Received (“Dual Notice”); and
(c)a draft of the Statement of Need and Reasonableness (hereinafter referred to as the “SONAR”).
91. The Department requested approval of its proposed Additional Notice Plan on July 31, 2002. The Department proposed to provide notice to specified hospitals, third party administrators, and individuals in this Plan. The Additional Notice Plan was approved on August 2, 2002.
92. On August 14, 2002, the Department mailed the Dual Notice to all persons and associations who had registered their names with it for the purpose of receiving such notice.[81]
93. On August 19, 2002, the Dual Notice and a copy of the proposed rules were published at 27 State Register 243.[82]
94. On the day of the hearing, the Department placed the following documents in the record:
(a)the Dual Notice of Intent to Adopt Rules and proposed rules, as published at 27 State Register 243 (Ex. A);
(b)a copy of the proposed rules dated July 30, 2002, including the Revisor of Statutes approval (Ex. C);
(c)the Statement of Need and Reasonableness (“SONAR”) prepared by the Department (Ex. D);
(d)certification that a letter was mailed on August 14, 2002 to the Librarian of the Minnesota Legislative Reference Library, notifying the Librarian of the Department’s intent to adopt the proposed rules and transmitting a copy of the SONAR (Ex. E);
(e)the Dual Notice as mailed to rulemaking list and other interested parties (Ex. F);
(f)the Certificate of Mailing the Dual Notice on August 14, 2002, and the Certificate of Accuracy of the Mailing List attesting that the mailing list was accurate, complete, and current as of August 14, 2002 (Ex. G);
(g)the Certificate of Giving Additional Notice Pursuant to the Additional Notice Plan approved by the Administrative Law Judge (Ex. H);
(h)copies of written comments received by the Department relating to the proposed rules and names of those who requested a hearing on the proposed rules (Ex. I);
(i)certifications that the Dual Notice and a copy of the SONAR were mailed to certain Legislators, and that the Notice of Hearing was mailed to persons requesting a hearing with a copy of that Notice (Exs. K1-K3);
(j)a copy of the Federal Register pages containing 45 CFR § 164.512 and the Department’s unofficial version of that regulation (Exs. L1 and L2);
(k)the materials provided as part of the agency presentation made at the hearing (Exs. M-P); and
(l)a hypothetical example of the type of data represented in administrative claims databases (Ex. Q).
95. All of the listed documents were available for inspection at the Office of Administrative Hearings from the date of filing to October 31, 2002, the date the rulemaking record closed.
96. Minn. Stat. § 14.131 (2000) provides that state agencies proposing rules must include in the SONAR a discussion of the classes of persons affected by the rule, including those incurring costs and those reaping benefits; the probable effect of the rule upon state agencies and state revenues; whether less costly or less intrusive means exist for achieving the rule’s goals; what alternatives were considered and the reasons why any such alternatives were not chosen; the probable costs of complying with the rule; and differences between the proposed rules and existing federal regulations.
97. In the SONAR, the Department discussed the classes of persons affected by the rules; the probable costs to the Department, other agencies and state revenue; alternatives to the rule as proposed and why they were rejected; and the probable costs of complying with the proposed rule. With respect to the classes of persons affected by the rules, the Department described them as follows:
The proposed rule will affect the group purchasers and providers that are required to submit administrative billing data. The group purchasers affected the most are approximately 20 health plans and insurers that are members of the Minnesota Comprehensive Health Association (MCHA) and whose business accounts for 96% of the premium revenue reported to MCHA. Less affected are the group purchasers that are third party administrators (TPAs) for self-insured health plans. TPAs are not required to submit data under these rules but will be surveyed to determine the potential to include TPAs in the data collection requirements in the future. The providers affected the most by the rules are the hospitals, since no other providers are required to submit data under these rules. The Minnesota Hospital and Healthcare Partnership will be affect (sic) because MHHP currently collects administrative billing data from hospitals and will submit the data to MDH on behalf of hospitals. The proposed rules will also affect researchers, physicians, other providers, and the general public.[83]
98. The Department identified “health plans, insurers, and hospitals” submitting data under these rules as the entities bearing the cost of the rules.[84] Some commentators objected to this characterization, arguing that such entities would only pass on their costs to consumers or taxpayers, one way or another. This objection does not render the Department’s statement as untrue or defective. Oftentimes, the consumer or taxpayer ends up paying the bill. Researchers and the general public were identified as those who will benefit from the proposed rules.[85] The Department indicated that it would use the database to meet public health goals and respond to inquiries from legislators.[86]
99. The probable costs to the Department in implementing these rules were estimated at $500,000 annually.[87] The Department concluded that there would be no probable costs to any other agency and no effect on State revenues. The Department considered alternative methods of data collection to establish the database proposed in these rules.[88] None of these alterative methods are as cost-effective as the proposed rules. The Department noted that health plans and insurers estimated that they would spend “between $100,000 - $500,000 to comply with the rules.”[89] The Department noted that the estimates were not accompanied by documentation of the anticipated costs. Further the Department expressed its opinion that cost estimates include costs that arise from the federally-mandated HIPAA reporting.[90] The HIPPA costs wold have to be incurred regardless of whether these state rules are adopted.
100. The Department asserted that there are no differences between the proposed rule and existing federal regulations.[91] In these rules, the Department expressly requires reporting in the federally-required HIPAA format, and deferred compliance for specific data elements until HIPAA standards are implemented.
101. Some commentators objected generally to these rules on the ground that they are too costly. The Department has carefully tailored the proposed rules to conform to existing data format requirements and existing reporting methods. Most of the work needed to comply with these rules is already done in the ordinary course of business by providers and group purchasers. The dollar-amount of benefits derived from the research applications of the database is likely to far exceed the cost of establishing and maintaining that database. The Administrative Law Judge finds that the Department has met the requirements of Minn. Stat. § 14.131 relating to explaining impacts anticipated and alternatives considered in proposing these rules.
102. Minn. Stat. § 14.131 (2002) requires that an agency include in its SONAR a description of how it “considered and implemented the legislative policy supporting performance-based regulatory systems set forth in section 14.002.” Section 14.002 states, in relevant part, that “whenever feasible, state agencies must develop rules and regulatory programs that emphasize superior achievement in meeting the agency’s regulatory objectives and maximum flexibility for the regulated party and the agency in meeting those goals.” The Department has identified ten points of emphasis where the rule incorporates this legislative policy.[92] The use of a data submission manual, existing data collection efforts, a standard format for data, a flexible schedule for data submission, and a variance process for less expensive alternative data collection are all aspects of the rule that emphasize performance in meeting regulatory objectives. The Department has met the requirements of Minn. Stat. § 14.131 regarding performance-based regulatory systems.
103. Minn. Stat. § 14.111 (2002) imposes an additional notice requirement when rules are proposed that affect farming operations. The proposed rules will not affect farming operations and no additional notice is required.
Based upon the foregoing Findings of Fact, the Administrative Law Judge makes the following:
1. The Department of Health gave proper notice of the hearing in this matter.
2. The Department has fulfilled the procedural requirements of Minn. Stat. §§ 14.14, subds. 1 and 1a, and 14.14, subds. 2 and 2a, and all other procedural requirements of law or rule.
3. The Department has demonstrated its statutory authority to adopt the proposed rules and has fulfilled all other substantive requirements of law or rule within the meaning of Minn. Stat. §§ 14.05, subd. 1, 14.15, subd. 3, and 14.50(i)(ii), except as noted at Finding 63.
4. The Department has documented the need for and reasonableness of its proposed rules with an affirmative presentation of facts in the record within the meaning of Minn. Stat. §§ 14.14, subd. 2, and 14.50(iii).
5. The amendments or additions to the proposed rules suggested by the Department are not substantially different from the proposed rules as published in the State Register within the meaning of Minn. Stat. §§ 14.05, subd. 2, and 14.15, subd. 3, and Minn. R. 1400.2240, subp. 7.
6. The Administrative Law Judge has suggested action to correct the defects cited in Conclusion 3 as noted at Finding 63.
7. That due to Conclusion 3, this Report has been submitted to the Chief Administrative Law Judge for his approval pursuant to Minn. Stat. § 14.15, subd. 3 or 4.
8. Any Findings which might be properly be termed Conclusions and any Conclusions which might properly be termed Findings are hereby adopted as such.
9. A Finding or Conclusion of need and reasonableness in regard to any particular rule subsection does not preclude and should not discourage the Department from further modification of the proposed rules based upon an examination of the public comments, provided that no substantial change is made from the proposed rules as originally published, and provided that the rule finally adopted is based upon facts appearing in this rule hearing record.
Based upon the foregoing Conclusions, the Administrative Law Judge makes the following:
IT IS HEREBY RECOMMENDED: That the proposed rules be adopted, except where noted above.
Dated this 2nd day of December, 2002.
|
|
|
ALLAN W. KLEIN |
|
Administrative Law Judge |
|
|
Reported: Tape Recorded, Four Tapes (No Transcript Prepared)
Striking an appropriate balance between personal privacy and healthcare research is ultimately the task of the legislature. To date, the legislature has chosen to allow the collection and use of data for research purposes, but only if the Department takes steps to protect individual privacy. The Administrative Law Judge has taken a “hard look” at the privacy protections in these proposed rules. He believes that the Department’s proposals do meet the standard set by the legislature; in fact, they go well beyond the minimal efforts required to comply with the statutes.
Most of the public commentators, however, disagree with the legislature’s balancing of privacy concerns and research needs. As many of them look at the pros and cons of the Department’s proposals, they strike a different balance. Many of them end up concluding that the harm that would flow from release of private information is so severe that it overwhelms whatever benefits would accrue from the database, even if the risk of release is low. They do not want their data to leave the doctor’s office without their consent under any conditions.
It is not possible to resolve all the points of view expressed in this record. There is no system of reasonable safeguards that will satisfy both the needs of the researchers and the concerns of all of the public. The legislature has struck it’s balance, and the Department has designed a system that is consistent with the legislative balance. Those people who just fundamentally disagree with the legislature’s choice must address their arguments to the legislature.
[1] 42 USC sections 1320d to 1320d-8.
[2] SONAR, at 18 (citing the Administrative Simplification Compliance Act).
[3] See Exhibit Q for an illustration of the types of data in the database.
[4] SONAR, at 8.
[5] Some persons argued that the Department lacked adequate statutory authority because much of Chapter 62J has been repealed, or activities contemplated by Chapter 62J have been curtailed. But the Legislature elected not to repeal Section 62J.301, which it could have done when it repealed other parts of the chapter.
[6] 24 State Register 1901 (June 26, 2000) (Ex. A); SONAR, at 8.
[7] SONAR, at 6-8.
[8] SONAR, at 8.
[9] SONAR, at 8; Appendix B. The rules advisory committee included 45 members representing group payors, health care providers, a citizen’s privacy group, and the Legislature.
[10] SONAR, at 8.
[11] For example, an Independent Clinical Social Worker related the story of an individual who committed suicide following the careless release of a diagnosis and prognosis. She stated that lost jobs, marriages, and custody of children have been affected by improper release of mental health information.
[12] The participating states are listed at http://www.ahcpr.gov/data/hcup/statesid.htm and links are provided to each individual state’s data collection agency.
[13] For example, long term care facilities are compared for quality of care provided using aggregate results available through http://www.medicare.gov/NHCompare/home.asp. Some results of research using existing data collection procedures can be found at the Department’s Healthy Minnesotans 2004 website, http://www.health.state.mn.us/divs/chs/phg/pdf/download.html.
[14] University of Minnesota Reply Comment, at 1.
[15] SONAR, Appendix A, at 16.
[16] Id. at 19. The specific medical conditions addressed in the pilot projects are those of widespread concern and immediate application, such as maternal child health, asthma, and diabetes.
[17] SONAR, at 2-4.
[18] Department Comment, Attachment, Potential Effect of Authorization Bias on Medical Record Research, Mayo Clin. Proc., Vol. 74 at 330 (Jacobsen, Xia, Campion, Darby, Plevak, Seltman, and Melton, April 1999).
[19] CCHC Hearing Testimony. But see footnote 5.
[20] Department Comment, at 12. A typographical error in the Comment cited a nonexistent statute, but clearly Minn. Stat. § 144.335, subd. 3b, was the intended reference.
[21] Emphasis added.
[22] Minn. Stat. § 144.335, subd. 3b.
[23] U.S. Const. Amend. IV.
[24] Department Comment, at 12.
[25] Department Testimony. As discussed in a foregoing Finding, 30 states share the data collected with the AHRQ.
[26] Whalen v. Roe, 429 U.S. 589 (1977).
[27] Id.
[28] Schedule II drugs are often abused, due to their potency and addictive nature.
[29] Whalen, 429 U.S. at 593.
[30] Whalen, 429 U.S. at 595.
[31] Whalen, 429 U.S. at 589.
[32] Whalen, 429 U.S. at 605-606.
[33] United States v. Westinghouse Elec. Corp., 638 F.2d 570, 578 (3rd Cir. 1980).
[34] Lake v. Wal-Mart Stores, Inc., 582 N.W.2d 231, 235 (Minn. 1998)(holding that publicly distributing without consent a photograph that showed persons nude, when that photograph was surreptitiously obtained during film processing, could constitute the tortious invasion of privacy).
[35] It is beyond the scope of this report to determine whether an intentional release of protected data would give rise to a civil cause of action similar to Lake. But there are statutes recognizing such causes of action for release of certain types of data (Minn. Stat. § 13.08), as well as statutes imposing penalties on State employees who intentionally violate the data practices act. (Minn. Stat. § 13.09).
[36] Minnesota Council of Health Plans Comment, at 1.
[37] Id. at 2.
[38] Department Comment, at 2.
[39] Department Comment, at 2.
[40] See SONAR, Appendix A, at 11-12.
[41] CCHC Testimony, at 6.
[42] SONAR, at 34.
[43] Id.
[44] SONAR, at 34.
[45] SONAR, at 37.
[46] Department Comment, at 4.
[47] UCare Comment, at 1.
[48] SONAR, at 37.
[49] The MHHP currently collects administrative billing data on a voluntary basis from Minnesota acute care hospitals for use in a database similar that proposed under these rules. SONAR, at 47; see also http://www.mhhp.com/data/ub-92.htm.
[50] SONAR, at 38.
[51] SONAR, at 38.
[52] Minnesota Medical Association Comment, at 2.
[53] CCHC Testimony, at 6.
[54] Contained in the hearing exhibits as Exhibits L-1 and L-2.
[55] SONAR, at 40-41.
[56] Department Comment, at 4-5.
[57] Department Reply, at 3.
[58] The identification of hospitals and group purchasers is contemplated by Minn. Stat. § 62J.321, subd. 5, which also affords those entities the right to respond to research findings.
[59] That definition is set out in Minn. Stat. § 13.02, subd. 9, and discussed by the Department in its SONAR at 42.
[60] SONAR, at 42.
[61] SONAR, at 42.
[62] 45 CFR § 164.514.
[63] Department Comment, at 9.
[64] These procedures were graphically depicted in a handout made available at the hearing. The secure location was identified as a deposit box in a bank vault.
[65] CCHC Testimony, at 5.
[66] As described by the Department at the hearing, a female named Barbara A. Lee, born on October 24, 1970, would have a data unification key of BA24EE10LERA70AF19. The possibility of another person in Minnesota having the same data unification key is remote.
[67] A case number is assigned by the software to any data unification key that has no existing case number. So the first time that Barbara Lee’s data comes to the Department with the data unification key noted in the preceding footnote, the random generator would assign a case number to it, such as 38K951H302742860P3. The second time data came into the Department relating to data unification key BA24EE10LERA70AF19, the software would recognize that that person has already been assigned a randomly generated case number, and would replace the data unification key with the same case number that it assigned to the first set of data for that person. This allows for the anonymity provided by a randomly generated case number, but still preserves the ability to follow an individual’s health care over time. The ability to follow an individual’s health care over time is critical to the value of the entire project.
[68] SONAR, at 47.
[69] SONAR, at 48.
[70] Department Comment, at 4.
[71] Manufactured Housing Institute v. Pettersen, 347 N.W.2d 238, 244 (Minn. 1984); Mammenga v. Department of Human Services, 442 N.W.2d 786 (Minn. 1989).
[72] Minn. Stat. § 14.14, subd. 2 (2000).
[73] Report of the Hearing Examiner, In the Matter of the Proposed Adoption of Rules Relating to the Control of Emissions of Hydrocarbons, OAH File No. PCA-79-008-MG.
[74] In re Hanson, 275 N.W.2d 790 (Minn. 1978); Hurley v. Chaffee, 231 Minn. 362, 367, 43 N.W.2d 281, 284 (1950).
[75] Greenhill v. Bailey, 519 F.2d 5, 10 (8th Cir. 1975).
[76] Mammenga v. Department of Human Services, 442 N.W.2d 786, 789-90 (Minn. 1989); Broen Memorial Home v. Minnesota Department of Human Services, 364 N.W.2d 436, 444 (Minn. App. 1985).
[77] Manufactured Housing Institute, 347 N.W.2d at 244.
[78] Federal Security Administrator v. Quaker Oats Company, 318 U.S. 218, 233(1943).
[79] Minn. R. 1400.2100 (1999).
[80] Minn. Stat. § 14.15, subd. 3 (2000); Minn. R. 2100(C) (1999).
[81] Exhibit G.
[82] Exhibit A.
[83] SONAR, at 9.
[84] Id.
[85] SONAR, at 9.
[86] Id.
[87] SONAR, at 10.
[88] SONAR, at 11-12.
[89] SONAR, at 13.
[90] Id.
[91] SONAR, at 13.
[92] SONAR, at 13-14.