When the state of Minnesota, amid the coronavirus pandemic, demanded “near real-time” information, including the name, address, birth date, symptoms, diagnosis, age, gender, race, ethnicity, city and zip code of every hospital patient, a patient-rights group protested.
The Citizens’ Council for Health Freedom first asked state Health Commissioner Jan Malcolm to withdraw her requirement, which the CCHF contends is illegal.
Then the group organized more than 1,500 petitions to Democratic Gov. Tim Walz, urging him to rescind Malcolm’s demand.
Now the organization has written a letter to each of the 130 hospitals in the state, reminding them “of their legal obligation to disregard the April 3rd Minnesota Department of Health Notification Letter.”
CCHF said the state “unlawfully demands that hospitals transfer detailed Admission, Discharge, and Transfer (ADT) data on all hospitalized patients to the government – with or without a COVID-19 diagnosis.”
CCHF told the hospitals: “Because the Minnesota Department of Health lacks specific authority in Minnesota law to mandate the reporting and collection of ADT data on all hospitalized patients, we strongly urge all Minnesota hospitals to refuse to set up the interface requested by MDH and to refuse to submit any data unrelated to a COVID-19 diagnosis. We also strongly urge hospitals to comply with the legal requirement of Minnesota law by refusing to share this patient data without obtaining express patient consent, as required by Minnesota Statute 144.293.”
The letter said the state requirement “falsely suggests that all hospitals need to connect to MDH and submit comprehensive admission, discharge, and transfer data.”
The state plan was “to establish this surveillance system, and to do it without obtaining the patient consent required by Minnesota Statute 144.293.”
The letter informed hospital managers that state lawmakers already have expressed concern about the plan.
Rep. Peggy Scott of the House Committee on Judiciary, Finance and Civil Law warned: “Any interest the Minnesota Department of Health has in a new surveillance system, should be proposed in full to the legislature. Failure to do so is an overstep of the executive branch and prohibits a robust analysis and debate with public hearing and input about costs of such a plan, the full list of conditions MDH might want to surveil, a comprehensive accounting for the patient data sets that will be included, patient consent, and the plan to maintain security and integrity of private, personal data.
“We strongly urge hospitals to obtain patient consent before sharing any patient data with MDH,” she continued.
The letter explained the lawmakers believe private data cannot be shared without patient consent, and CCHF agrees.
“[State law] clearly requires patient consent prior to sharing information with anyone – including MDH – unless specifically authorized in law,” CCHF told the hospital chiefs.
Further, MDH’s claims “that HIPAA allows this sharing of patient data for public health purposes are false because” the federal law states that a state privacy law that is more protective of privacy requirements preempts the federal rule and “must be applied.”
“HIPAA specifically authorizes stronger state privacy laws to supersede the weak federal HIPAA rule. Since the Minnesota Health Records Act is the strongest privacy and consent law in the nation, MDH must follow this state law. The department has no authority to compel hospitals to share medical records with the government without patient consent,” Brase stated.