WASHINGTON, DC 20005
TELEPHONE: 202/452-8444
FAX: 202/429-4519
|
655 15TH ST, NW, SUITE 700 WASHINGTON, DC 20005 TELEPHONE: 202/452-8444 FAX: 202/429-4519 |
February 17, 2000
U.S. Department of Health and Human Services
Assistant Secretary for Planning and Evaluation
Attention: Privacy-P, Room G-322A
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, DC 20201
Re: Standards for Privacy of Individually Identifiable Health Information
Dear Sir or Madam:
The Food Marketing Institute (FMI) respectfully submits the following comments in response to the proposed regulations from the Department of Health and Human Services (HHS) that would establish standards for the protection and confidentiality of individually identifiable health information maintained or transmitted in electronic form. 64 Fed. Reg. 59918 (November 3, 1999).
For your information, FMI is a non-profit association conducting programs in research, education, industry relations and public affairs on behalf of its 1,500 members and their subsidiaries. Our membership includes food retailers and wholesalers, as well as their customers, in the United States and around the world. FMI's domestic member companies operate approximately 21,000 retail food stores with combined annual sales volume of $220 billion, which accounts for more than half of all grocery store sales in the United States. FMI's retail membership is composed of large multi-store chains, small regional firms and independent supermarkets. Our international membership includes 200 members from 60 countries.
Within FMI's retail membership ranks we have some 123 companies that are presently operating 6,500 in-store pharmacy departments. Based on current industry trends toward larger store formats and the convenience of one-stop shopping, we anticipate that the number of pharmacies located in supermarkets will continue to increase in the coming years. In 1998, the most recent year for industry statistics, supermarket pharmacies accounted for approximately $12 billion in outpatient prescription drug sales, which is about 11 percent of the retail market for prescription drugs in the United States.
FMI has a strong commitment to privacy issues and, in this regard, has developed a policy statement regarding the use of consumer data, including pharmacy information. A copy of our statement is enclosed for your reference.
The HHS proposed regulations on the confidentiality of medical records will affect the supermarket industry significantly in two key areas. The first is the regulations' impact upon grocery stores and supermarket companies as employers. FMI estimates that 3.3 million individuals are employed in the supermarket industry, and it is readily apparent that the Department's rulemaking will affect food retailers in numerous employer-employee situations, such as employer health insurance plans, workers compensation obligations, hiring policies, accommodation issues under the Americans with Disabilities Act (ADA), wellness programs, employee leave, and a host of other employee benefit programs. In this regard, it is FMI's concern that the Department's proposed regulations may complicate the administration of employee benefit programs and increase their costs as employers attempt to sort out conflicting and potentially burdensome requirements between policies that would be established by the rulemaking and existing laws at both the state and federal levels.
The second major effect of the Department's proposed rulemaking is how it will impact upon supermarket companies that operate in-store pharmacy departments. While the proposed regulations would allow covered entities, such as pharmacists, to use and disclose health information for treatment, payment and health care operations without specific authorizations, this medical privacy initiative raises a series of new issues which are likely to make it more difficult for community pharmacists to provide health care products and services to patients in a timely and cost-effective manner. For these reasons, FMI appreciates the opportunity to submit comments to HHS on the following aspects of the proposed regulations.
GENERAL COMMENTS
FMI strongly supports the important goal of protecting the confidentiality of individually identifiable health information that is maintained or transmitted in electronic form. In fact, FMI is on record with the Congress as endorsing a national standard to protect the integrity and confidentiality of a person's medical information. In this context, we wish to express our industry's support for the Department's proposed regulations if this rulemaking will result in a single, national standard governing the confidentiality of medical records, or if the HHS rulemaking provides strong incentives for state governments to harmonize their medical privacy laws with the Department's final regulations. In our view, the only way to achieve a high level of compliance with respect to safeguarding sensitive medical information is to have a single national standard.
While it appears that the Health Insurance Portability and Accountability Act of 1996 (HIPPA), Public Law 104-191, may not allow the promulgation of a final regulation that would preempt state laws that provide greater privacy protections to medical records, we believe the Department should serve as a clearinghouse to advise employers and covered entities as to which State privacy laws are not preempted by the rulemaking.
Additionally, FMI is disappointed that the HHS regulations do not provide any guidance on the relationship of its medical privacy rulemaking with other major federal laws governing privacy, such as the Americans with Disabilities Act (ADA), Medicare and Medicaid, and the Occupational Safety and Health Act (OSHA), as well as international laws, such as the European Union Directives. In this regard, HHS should harmonize its rules with these initiatives so that employers and covered entities are not confronted with multiple layers of conflicting privacy requirements. Lacking a single standard on medical privacy and absent any guidance from HHS as to which state laws are more stringent than the Department's privacy rules, it is FMI's opinion that HHS has failed to meet its statutory mandate to simplify and improve the efficiency of the administration of our health care system with regard to medical privacy.
Moreover, the HHS proposal fails to make important distinctions in terms of which types of electronic records would be covered. Obviously, individual medical records should be afforded protection by this initiative, but electronic information relating to employer-employee management decisions and certain employer provided benefits should be excluded.
While the HHS proposed regulations provide clarity in certain areas, the rulemaking is often vague and confusing, which will make compliance extremely difficult for the supermarket industry as employers and as health care providers. In our view, much of the confusion as to the breadth and scope of the regulations could be eliminated if the Department would revise its definition of "covered entities" to mean those entities that are primarily or exclusively engaged in health care-related activities as a health plan, health care provider, or health care clearinghouse.
APPLICABILITY
Covered Entities: Under the proposed regulations, "covered entities" include health care providers. A health care provider is defined as any person or organization that furnishes, bills or is paid for health care services in the normal course of business. We are concerned that this definition might be interpreted broadly and request that the Agency clarify the scope. For example, as a condition of employment, many employers require applicants to take a physical examination or a drug test. An employee medical examination, such as a fitness-for-duty exam or a drug test, should not be considered health care services under these rules. As these activities are not part of our members' "normal course of [supermarket] business," we would not expect these activities to be health care services that would, alone, render an employer a health care provider. Therefore, we urge HHS to clarify that employment-related medical examinations and drug testing are not "health care services" within the meaning of the regulation.
Furthermore, some employers offer employees health-related benefits, such as special classes on wellness, nutrition, diet, and smoking cessation. Information about employee participation in these programs may be captured electronically. These are benefits that employers want to provide to their employees as benefits and as investments in their employees' long-term health, however, if they render an employer a "health care provider," with all of the attendant administrative obligations, employers might be deterred from offering them. Therefore, if these benefits are not part of the employer's ordinary course of business, they should not properly be considered health care services. We recommend that HHS explain this aspect of the regulations.
Similarly, the proposed regulations lack specific guidance for employers that offer various health care benefits to their associates. While the Department's proposed regulations appear to cover all health insurance plans provided by employers, the rulemaking is somewhat vague as to whether an employer automatically becomes a covered entity or a health care component by virtue of the fact that the employer provides health insurance coverage. In other words, while the proposed regulations make it clear that an employer who operates a self-funded health plan or who has an on-site clinic would have a health care component, it is not clear whether an employer who simply provides health insurance coverage for its employees would also be a covered entity or have a health care component. We would not expect the regulations to apply to an employer who provides health insurance coverage for their employees if the employer has no access to individually identifiable health information that would be created or received by the health insurance carrier. Therefore, the regulations should be clarified in this regard.
FMI would further recommend that HHS specify in its regulations that pharmacy benefit management companies (PBMs) are covered entities. PBMs play a prominent role in the delivery of prescription drug benefits to patients through managed care networks. Among other things, PBMs offer a wide range of services, including claims management, formulary development, drug use review, case management, outcomes management, generic substitution programs, patient profiling and on-line prescription information reporting systems. Based in the important functions that PBMs provide for their customers, including retail pharmacies, PBMs should be considered covered entities in this rulemaking so that they may use and disclose protected health information without having to obtain individual authorization.
DEFINITIONS
Transactions: The Department's proposed regulations are not precise with respect to health care payments. While the regulations would cover health care payments that are transmitted electronically, FMI believes that cash payments for health care, such as the sale and dispensing of prescription drugs to patients, are clearly outside the purview of this initiative. We request HHS to clarify in its final rules that cash payments for health care and any medical information that is generated, maintained or transmitted as a result of such transactions are not governed by the rulemaking.
DEFINITIONS
Business Partner: The Department's proposed rulemaking would establish the term "business partner" to mean a person to whom a covered entity discloses protected health information so that the person can carry out, assist with the performance of, or perform on behalf of, a function or activity for the covered entity. The proposed regulations would require covered entities to apply many of the privacy requirements to their so-called business partners through contract enforcement. In this regard, covered entities would be required to monitor the use of protected health information by business partners and to mitigate any harm caused when a business partner improperly disclosed protected health information. The regulations give the impression that a covered entity has an ongoing or continuous obligation to monitor its business partners in order to prevent and correct violations involving the use and disclosure of protected health information.
The inclusion of business partners as part of any final regulation clearly exceeds the Department's authority under HIPAA. There is no reference or language on business partners in the law, and HHS readily admits in the preamble that it does not have this authority. See 64 Fed. Reg. at 59924. HHS should not attempt to harness private sector relationships to accomplish regulatory ends that are beyond the Agency's statutory authority. The result will be poor public policy and fouled private business. Therefore, FMI urges HHS to delete the concept of "business partners" and the attendant regulatory requirements from the rulemaking.
HHS disingenuously states that the Agency does not intend to interfere with business relationships in the health care industry. 64 Fed. Reg. at 59925. Regulations that require the inclusion of certain contractual provisions that assess liability and impose duties on the parties are commercial interference, per se. FMI opposes these requirements and the increased liability that would result for making covered entities responsible for violations of the privacy requirements that are committed by so-called business partners. Private contractual relationships are premised on a wide variety of factors; HHS should not, by administrative fiat, dictate with whom employers must contract based on a single issue that HHS does not even have the statutory authority to regulate.
Our industry has other major concerns regarding the inclusion of business partners in the rulemaking. For example, the Department's regulations would require a covered entity to establish formal contractual arrangements with its business partners, and covered entities would be liable for certain violations of the Department's medical privacy requirements. Such an obligation on the part of a covered entity is unreasonable. With respect to the issue of a covered entity mitigating any harm caused when a business partner violates the regulations' use and disclosure requirements, we believe that this obligation imposes unlimited risk on a covered entity. For example, would a covered entity be held liable if its business partner subcontracts a function with another business partner that commits a medical privacy violation? If so, how would a covered entity police such subcontractors? Such monitoring would be impossible for covered entities to effectuate, and, yet, they would be subject to substantial liability for any failures of their business partners.
FMI is further troubled by the proposed regulations' stipulation that covered entities must include a third party beneficiary provision in their contracts with business partners. Proposed 45 C.F.R. § 164.506(e)(2)(ii)(A). Such language would effectively grant a private right of action to sue a covered entity for violations of the rules that have been committed by the covered entity's business partner. The Department notes at the outset that Congress did not grant a private right of action to individuals and, indeed, HHS states that it will continue to urge Congress to change the law in this regard. However, as Congress did not provide for a private right of action in this case, the Department cannot by "back door" regulation create enforcement mechanisms for which the legislature did not provide.
For the foregoing reasons, FMI urges HHS to remove the "business partner" construct and the attendant legal and administrative obligations from any final rule that is issued.
DEFINITIONS
Health Care Operations: HHS is proposing the term "health care operations" to clarify the activities that would be considered to be compatible with and directly related to treatment and payment, and therefore would not require an individual's authorization for the use and disclosure of protected health information. In terms of supermarket pharmacies, FMI recommends that the health care operations provisions of the regulations specifically reference the various activities that are associated with the dispensing and sale of prescription drugs to patients, including compliance or refill reminder programs, formulary management and drug utilization reviews, as well as other activities that are designed to promote health care and to enhance patient outcomes.
Additionally, FMI urges HHS to specifically reference the services provided by pharmaceutical benefit management companies (PBMs) under health care operations. PBMs have become an intergal part of managed care and the delivery of prescription drug benefits to millions of patients in the United States. PBMs perform a wide range of services for community pharmacies and other segments of the pharmaceutical industry. These services include among other things formulary development, claims management, drug utilization review (DUR), case management, outcomes management, interventions, patient profiling and patient education. In this regard, FMI firmly believes that the services provided by PBMs are health care operations and should be included in the regulations.
DEFINITIONS
Health Care Provider: Under the proposed regulations, pharmacies are considered health care providers because pharmacies sell and dispense prescription drugs. In this context, FMI would presume that a pharmacist would also be considered a health care provider under the HHS rulemaking in that the pharmacist is licensed to practice pharmacy and dispense legend drugs to patients. In addition, there are other employees in the pharmacy that assist the pharmacist, such as technicians and cashiers. Depending on state pharmacy licensing laws, technicians may or may not be licensed, while cashiers are not subjected to any pharmacy licensing requirements. In any event, these employees are under the supervision of the pharmacist and perform various functions relating to the selling and dispensing of prescription drugs.
We recommend that HHS clarify that these employees are not business partners. Since the term "business partner" specifically excludes persons who are within the covered entity's workforce, we expect that the pharmacy employees discussed above would not be considered business partners, however, we would appreciate HHS's clarification in this regard because establishing contractual relationships with all pharmacy employees as business partners would be extremely cumbersome.
DEFINITIONS
Health Plan: FMI is troubled by the potential impact of the Department's proposed regulations on unfunded health plans. Smaller companies often provide their associates with special employee discounts or other membership incentives so that they can obtain health care, including prescription drugs, at reduced prices. If unfunded health plans fall under the jurisdiction of these regulations, which include significant administrative burdens and costs, we believe that many smaller employers may discontinue offering these discounted benefits to their employees. We, therefore, recommend that HHS exempt unfunded health plans from the regulations.
DEFINITIONS
Protected Health Information: The regulations propose to cover oral health information as part of protected health information. In the proposal, HHS states that protected health information would remain protected after it is read from a computer screen and discussed orally. FMI is concerned about any administrative requirements, such as documentation and recordkeeping, that might attach when protected health information is orally discussed. In our opinion, administrative requirements for oral health information would be excessively burdensome. We urge HHS to amend the final rule to ensure that the administrative requirements do not apply when protected health information is discussed orally.
GENERAL RULES
Treatment, Payment and Health Care Operations: The Department's regulations propose to allow covered entities to use or disclose protected health information without individual authorization for treatment, payment or health care operations. FMI strongly supports these provisions as they will allow for an orderly flow of information between providers, health plans and health care clearinghouses in a timely manner without disruptions that would occur if individual authorizations were required. In supermarkets that have pharmacy departments, it is not uncommon for customers to pick up their prescriptions and other health care-related items from the pharmacy, but pay for their prescription along with their grocery purchases in the check-out lane. When these types of transactions occur at the front-end, protected health information may sometimes be shared with marketing companies if the customer is enrolled in a loyalty card program or frequent shopper program. As these are disclosures associated with payments, they should not require individual authorization. Accordingly, FMI urges HHS to revise its regulations to reflect that such disclosures would violate the regulations.
The HHS regulations would prohibit the disclosure of protected health information for marketing purposes relating to health services or for financial gain. This approach may be very disruptive to prescription drug benefit plans, unless the Department provides clarification that certain activities relating to dispensing would not violate the regulations. For example, FMI urges HHS to clarify that activities relating to generic substitution, therapeutic interchange, rebates, variable co-payments, deductibles and dispensing fees will not be viewed in terms of marketing or financial gain. Rather, the Department should reference these as permissible activities in its regulations under treatment, payment and health care operations. Likewise, HHS should make an important distinction in its regulations that refill reminder programs, compliance monitoring, wellness programs and disease state management programs that are carried out by PBMs, community pharmacies and others involved in health care should not be considered marketing.
GENERAL RULES
Minimum Necessary: HHS is proposing to impose a "minimum necessary" standard on all disclosures of information; violations in which more than the minimum amount of information is provided could result in penalties. HHS justifies its approach by arguing that "the privilege" of access to protected health information "carries with it an obligation to safeguard the information." 64 Fed. Reg. at 59924. "Access" to the information is not, however, a privilege; it is an essential component of health care providers' ability to deliver the necessary health care to consumers. Thus, no "price" should be exacted for covered entities' access to it.
More importantly, if this standard is adopted, covered entities will constantly weigh their fear of liability and regulatory reprisals against patients' health care. As a result, patients may receive a lower standard of care or they may be harmed or placed at risk because insufficient information was disclosed. Accordingly, FMI opposes the proposed "minimum necessary" standard.
Nonetheless, if the Department insists on applying the "minimum necessary" standard, HHS should at least provide examples of the "minimum necessary" information under different scenarios so that covered entities and other affected parties will have a better understanding of how this requirement affects their operations and activities.
GENERAL RULES
Right To Restrict Uses and Disclosures: While FMI endorses the concept that individuals should have the right to control the use and disclosure of their protected health information, we have concerns regarding the effect this right to restrict information will have on the delivery and quality of health care. For example, if a patient requests that no information may be used or disclosed on one particular prescription, how can the pharmacist consult with the prescribing physician? How can another pharmacist check for adverse drug interactions if the patient is having his medications filled at different pharmacy locations? In our view, the right to restrict information greatly weakens the quality of health care that a pharmacist can provide, making such value added services as patient profile information and DUR meaningless.
Moreover, FMI believes that major liability issues will arise if patients are allowed to decide when their protected health information may not be used or disclosed. If an individual is to be permitted to impose a restriction on the use or disclosure of protected health information, we would strongly recommend that it be limited solely to those situations where the patient is paying in cash for the medication.
GENERAL RULES
Creation of De-Identified Information: HHS proposes to allow covered entities and their business partners to use and disclose protected health information for certain purposes, provided the sensitive information has been de-identified and the sensitive information cannot be re-identified by using keys or unlocking codes. FMI supports the proposal to allow covered entities and their business partners to use and disclose protected health information for purposes in addition to the stated uses of treatment, payment and health care operations. However, the HHS requirements are too stringent and would not allow the retention of certain key data elements that are necessary in order for the information to remain useful for its intended purpose, such as an employer's analysis of health plan utilization trends. Additionally, FMI believes that, if a covered entity has made a good faith effort to de-identify the information, the employer should not be held liable if someone else re-identifies the information. Instead, penalties should be imposed on the entity that wrongfully re-identifies the information.
GENERAL RULES
Component Entities: FMI believes the regulations should provide guidance and clarity for employers who are not covered entities, but have health care components. In our view, we believe the regulations should clarify that the health care components of an employer should be considered a single covered entity. The regulations should also clarify that an employer, his employees, the corporation and its subsidiaries should not be considered business partners when interacting with health care components of the employer.
Additionally, FMI urges HHS to clarify in the final rule that a grocery store would not be considered to have a health care component simply for allowing health-related charity fundraisers to take place at a store location. Grocery stores are important links in the community and are often asked to host community events, such as health fairs, immunizations, or dietary seminars. Performance of a community service of this nature should not render the grocery store a health care provider or deem it to possess a health care component.
RIGHTS OF INDIVIDUALS
Accounting of Disclosures: The Department's regulations propose to require covered entities to be able to account for all disclosures of protected health information other than for treatment, payment and health care operations. FMI is of the opinion that this requirement would be very burdensome and costly for covered entities, and it should be deleted from the regulations. In its place, FMI recommends that the regulations allow an individual to make reasonable requests for accountings of disclosures.
Notice of Information Practices: The regulations would require health care providers, including pharmacists, to post a notice in a clear and prominent location advising individuals about their rights relevant to protected health information. While we strongly support the concept that individuals should be informed of their rights under this regulatory initiative, FMI opposes a mandatory sign-posting requirement for pharmacies. The information can be effectively conveyed to consumers in a wide range of methods; the appropriate individuals in each pharmacy are the persons best situated to decide which method should be used in a given location. Although some pharmacies may elect to post a sign or banner in the pharmacy department, other pharmacies may prefer to advise their patients in different ways. For example, certain pharmacies may wish to place the notice under glass on a counter top, while others may wish to provide the notice as a bag stuffer when the prescription is given to the patient. Other ways in which pharmacies may prefer to advise their patients of their rights might include mailers, in-store advertising, and print or electronic media. With respect to Internet pharmacies, FMI supports the regulations' proposal to allow the required notice to be provided to patients by either e-mail or posted as a link on the Internet pharmacy's webpage.
Plain Language Requirement: The HHS regulations would require the notice advising patients of their rights to be written in plain language. FMI supports this concept. Moreover, we urge the Department to provide model language for guidance so that health care providers would be able to develop notice statements for their patients.
INTRODUCTION TO USES AND DISCLOSURES
Without Individual Authorization: FMI is concerned that the proposed regulations would preclude the use and disclosure of protected health information without an individual's authorization in certain critical situations. While the regulations would allow the disclosure of protected health information for public health activities without an individual's authorization, it appears that there are no similar provisions in the regulations that would allow for disclosure in situations where a health care component of an employer becomes aware that an employee poses a significant safety risk to other workers or the general public. Such examples would include infectious or communicable diseases, drug or alcohol abuse, and uncontrollable seizures. In these situations related to the safety of the employee with a severe medical condition or to other employees and the general public, FMI strongly recommends that the regulations allow for disclosure without an individual's authorization.
The proposed regulations would also require authorization from an individual prior to the disclosure of information to an employer for use in employment determinations. While FMI supports the concept that medical records should not be used to discriminate against an individual who is otherwise qualified and able to perform the essential functions of the job, we believe that there are numerous legitimate disclosures that should be permitted without an individual's authorization. For example, many employers require applicants to take a physical examination or a drug test as a condition of employment. Employee medical examinations, such as fitness-for-duty exams or drug tests, should not require an individual's authorization in order for the information to be disclosed to the employer. Similarly, an individual's authorization should not be required for matters relating to reasonable accommodation, job restructuring, or validating a serious health condition, such as infectious and communicable diseases with respect to employment determinations under the Americans with Disabilities Act (ADA).
Along these lines, FMI supports the proposed exclusion from the individual authorization requirement for worker's compensation benefits providers. However, the final rule should also permit the disclosure of protected health information by covered entities without the need for individual authorization so that these claims can be settled in an efficient manner. Moreover, in order for employers to meet their obligations under State worker's compensation laws, including making decisions with respect to such matters as re-employment and returning to work for injured or disabled associates, employers must have access to protected health information without an individual's authorization. We, therefore, urge HHS to revise the final rule accordingly.
ADMINISTRATIVE REQUIREMENTS
Privacy Official: The regulations would require covered entities to designate a privacy official who would be responsible for training members of the workforce regarding the protection of medical records and for establishing sanctions for those employees who do not abide by the company's privacy policies and procedures. In general, we agree that covered entities should have appropriate policies and procedures to safeguard protected health information. However, these requirements should not be imposed on an employer simply because the company provides health insurance coverage for his employees, if the company has no access to the protected health information that results from the coverage. It would be unfair to force a company to incur the expenses of training its employees on safeguarding protected health information when there is no information to protect.
From a corporate perspective in terms of our supermarket members, FMI urges HHS to clarify its regulations to allow a company with subsidiaries to have the option of designating a single privacy official for the company and its subsidiaries as opposed to designating a privacy official at corporate headquarters and at each subsidiary.
COMPLIANCE AND ENFORCEMENT
Compliance: FMI supports the Department's intention to provide technical assistance to covered entities to help them achieve compliance. However, FMI opposes the proposal to allow HHS to conduct compliance reviews to determine whether covered entities are safeguarding medical records. We strongly object to compliance reviews, unless the Secretary has received a complaint from an individual. Moreover, these so-called compliance reviews could become costly witch hunts since there is no stated time frame regarding the duration of the compliance review.
Compliance Costs: The Department has significantly underestimated the costs associated with HHS's comprehensive medical privacy initiative. According to HHS, compliance costs will be approximately $3.8 billion over five years. In contrast, a recent study sponsored by the Blue Cross and Blue Shield Association estimates that compliance cost with the regulations would likely exceed $40 billion over 5 years. The proposed regulations would require employers and covered entities to overhaul their administrative infrastructure, develop new software programs, conduct legal reviews, develop employee training programs and new systems for record retention, reporting and handling disclosure requests. Accordingly, FMI believes that the Blue Cross and Blue Shield Association study more accurately reflects the true costs of compliance with the HHS regulations.
Compliance costs of this magnitude are significant for our industry and such costs may ultimately be reflected in higher prices for goods and services, including prescription drugs that are dispensed in supermarket pharmacies. Additionally, some employers may opt to reduce or eliminate certain employee benefits in order to minimize the economic impact of this rulemaking on their operations.
Outreach: Although the regulations do not mention any future plans for an educational outreach effort, FMI hopes that HHS will conduct conferences throughout the United States to advise affected industries on how to comply with the regulations when they are issued in final form. In the past, other Federal agencies have developed educational materials and held conferences on major public policy initiatives. We believe this approach would be effective with the instant regulations given their complexity and scope. Although we expect the information will be available over the internet, interactive conferences should also be held to ensure maximum understanding of the new rules.
Conclusion: FMI urges HHS to revise its regulations to reflect the issues and recommendations that we have set forth in our comments. If such changes are not made, the supermarket industry cannot support this initiative. While the proposed regulations would afford a higher degree of privacy for protected health information, the costs to achieve this result will be extraordinary with few associated benefits to consumers. In fact, the quality of health care that patients and consumers are presently receiving may be compromised under these regulations, which is unacceptable. Moreover, because of the significant administrative burdens and costs of the Department's proposed regulations, employees may suffer a loss or reduction of certain health-related benefits.
FMI appreciates the opportunity to provide comments on the important issue of the privacy of medical records. If we may be of assistance in any further way, please do not hesitate to call on us.
Sincerely,
George Green
Vice President
General Counsel
Enclosure: policy statement [get from DTF]