Chairman Rothstein, and members of the subcommittee, I am Bruce Kelly, Director of Government Relations for Mayo Foundation. I am testifying on behalf of Mayo and the Healthcare Leadership Council.
Mayo Foundation is a not-for-profit healthcare organization headquartered in Rochester, Minnesota. Mayo Foundation includes Mayo Clinic in Rochester, Mayo Clinic Scottsdale in Arizona, and Mayo Clinic Jacksonville in Florida, affiliated hospitals and other health care facilities, and the Mayo Health System in Minnesota, Iowa, and Wisconsin. Mayo's mission consists of patient care, research, and education.
The Healthcare Leadership Council is a coalition of chief executives from all disciplines within the health care system. It is dedicated to the achievement of a consumer-centered and quality-driven health care system for the 21st Century, built upon the strengths of the private sector - innovation, competition, and cost-effectiveness.
Mayo and the Healthcare Leadership Council strongly support the protection of patient information. We also strongly believe that the sharing of information is vital to the ability to provide high quality care, protect patient and employee safety, and carry out the missions of quality patient care, research and education. We have consistently supported uniform national standards to achieve these goals.
Today's discussion addresses the issue of consent, and these comments are limited to that issue. Both Mayo and the Healthcare Leadership Council submitted detailed comments to the Department of Health and Human Services on the topic of consent, as well as other issues of importance that this subcommittee will be discussing at later sessions. We would be happy to share those comments with the subcommittee as well.
The focus of these comments is from the patient and provider perspective, and primarily relies on examples from Mayo Foundation.
Major Points
Our testimony addresses the following major points:
Eliminate Prior Written Consent
The original HHS proposal wisely allowed healthcare providers to use and disclose patient information for treatment, payment, and health care operations without a written consent. We strongly urge HHS to return to this proposal. We believe that when patients seek treatment they have reasonable expectations that personal information will be used for legitimate purposes.
Requiring prior consent does nothing to change these expectations. All it does is create additional nuisance paperwork, and create potential problems for conscientious providers.
Examples are numerous of how prior written consent, and the ability to withdraw that consent, can have major negative effects.
Patient care - Appropriate care requires access to patient information. If a patient, or another party on behalf of a patient, refuses to consent to the use of his or her information, the care provided may not be the right care, or may harm the patient. The "right" of a provider to condition treatment upon the patient giving written consent is often meaningless within the ethical practice of medicine. In many instances, the healthcare provider is under an ethical obligation, and often a legal obligation, to render the proper care when necessary, even if a patient refuses to sign a form. The net result is that the ethical provider must provide care, but may be doing so without adequate information, may be refused payment, and may be barred from using the encounter information to examine patient safety, quality monitoring or other critical health care operations.
A common example that is likely to arise is the patient who signs a consent allowing the use of protected health information prior to a hospitalization, but then revokes the consent while hospitalized. Ethically and legally, the healthcare provider must continue to treat the patient, but in order to meet the requirements of the privacy standards, would be required to do so without the benefit of the medical information derived prior to the revocation. This places the provider in an untenable ethical and legal position and puts the patient at risk.
The need for prior consent also creates major problems and inconveniences for patients who provide information prior to receiving treatment. Many patients send us medical records in advance of an appointment. We in turn often schedule particular appointments and tests based on information provided by the patient or a referring physician. Every time a patient calls for an appointment, some information must be requested verbally in order to set up the appointment in the right department for the patient's particular situation. Similar problems arise in the case of pharmacies. As the HHS Guidance document notes, unintended consequences of the rule would preclude pharmacists from filling prescriptions until written consent is obtained, and would prohibit phoned-in prescriptions without prior consent. The problem also rises when refills are needed after the date this rule becomes effective.
At this point, we also need to specifically comment on one of the questions posed by the subcommittee to the panelists. The question relates to the potential for expanding the consent requirement to "indirect treatment relationships", such as consultations and referrals. Mayo commented to HHS on this issue in relationship to the "minimum necessary" standard, but a few comments are warranted here as well. Mayo is perhaps the best example of the need for information to freely flow to all those involved in a patient's treatment. Mayo is a fully integrated multi-specialty group practice. The medical record is the tool that makes this model work. We use a unit medical record that includes all the patient's information in one record. The integrated practice and unit record have been hallmarks of Mayo for over 100 years. All information must be available to assure continuity of care. Each Mayo caregiver relies on the information generated by his or her colleagues. Any attempt to expand consent requirements to apply to "indirect treatment relationships" would be directly contrary to this highly effective model of care, and would be a step in the wrong direction.
Affront to patients - The whole model of confronting patients "up front" with consent requirements is bad medical practice. Many patients arrive for care in a state of pain, anxiety, confusion or even panic. They are worried about themselves or their family members. We do not think the first thing that these patients should have to face is a 10-page summary of information practices and a demand for a signed consent before we can even ask the patients what their problem may be. This immediate obligation for the patient has a high likelihood of damaging the physician-patient therapeutic relationship. The current number of patient-completed forms for regulatory purposes is already burdensome to patients and providers alike. The increasing demand placed on patients will likely lead to hastily completed forms and potentially inaccurate information that may impair the goal of patient care. Many others will sign everything put in front of them without reading any of it. This is a waste of everyone's time and resources.
Health care providers are advocates for their patients. We do not want to be put into an adversarial relationship with our patients as they walk through our doors seeking care.
Third Party Payments - We would note that some patients on some occasions do not want a claim sent to an insurance company or other third party payer. Dealing with this concern does not require the overkill of requiring prior consent for treatment, payment, and health care operations. Current mechanisms of insurance authorizations and assignment of claims are sufficient to deal with this occasional type of request.
Revocation of Consent
If a patient decides to revoke his or her consent, all the same issues raised in the above examples will also come into play. A patient who was unhappy with an outcome could be the most likely example of a patient who will withdraw consent to use information. This creates the situation where the very cases that could most benefit from review as part of health care operations, for safety and quality monitoring, may be the cases where access to information is revoked.
We recommend that the right to revoke consent not apply to categories of information that are necessary for treatment and certain health care operations. Those categories would include patient and employee safety, quality, certain population-based activities, peer review, employee performance review, education and training, accreditation, certification, licensing, credentialing, medical review, legal services, auditing, compliance, resolution of internal grievances, and similar activities that require complete information.
Similarly, we believe the revocation cannot be applied to information that has "migrated" into various systems beyond the individual record. For example, at Mayo we have a number of registries for various diseases and procedures. These registries are used for quality control and improvement purposes. It would be extremely difficult to go into all these types of systems to extract information after a revocation of consent, and would also dilute the usefulness of the registries for quality purposes.
As the HHS Guidance document also notes, providers must be allowed to rely on consent for payment purposes, even if the consent is later revoked.
Past Records
The requirement for prior consent creates a huge problem for providers who have large numbers of past records. There is no way to contact the millions of patients whose records are held by providers. Thus, on the implementation date of this rule, these millions of records will become a paper wasteland that providers cannot access, unless the patient again presents for treatment. Mayo Foundation provides medical care to more than 300,000 patients annually, and has millions of patient records. Access to the information in these records is absolutely necessary for the continuing operation of quality improvement, patient safety, education and training, and billing systems.
The guidance document from HHS recognizes this problem, but the suggested solution is not sufficient. The guidance suggests that any authorization for treatment, payment, or health care operations will meet the requirement of the rule, until the patient presents again for treatment. At Mayo, for example, we probably have payment authorizations for most of our past records, but to try to cull through all these records to identify the few where no authorization exists will not be possible. Other providers, for example pharmacists, may not have any previous authorizations.
Need for Revised Rule
The changes required to truly make this rule workable must be made through a revised rule, and the revisions must be promulgated quickly. While the HHS Guidance document was helpful on some points, it also recognized that many unintended consequences resulted from the rule, and acknowledged that the rule must be revised. Guidance alone cannot fix all the problems. It is also imperative that the changes are made quickly, as covered entities are gearing up for implementation of this far-reaching rule. We need to know what the real rule is, as soon as possible.
Thank you for the opportunity to present these ideas to the subcommittee today.