Attorney General of Colorado — Opinion
April 11, 2006
This opinion, requested by the Executive Director of the Colorado Department of Public Health and Environment, concerns the right of the Office of the State Auditor (“Auditor”) to access certain confidential information held by the Health Facilities and Emergency Medical Services Division of the Colorado Department of Public Health and Environment (“Department”).
JOHN W. SUTHERS, Attorney General
QUESTIONS PRESENTED AND ANSWERS
Question: Does section 2-3-107(2), C. R. S. (2005) allow the Office of the State Auditor access to unredacted complaint and occurrence reports made by nursing homes facilities to the Department of Public Health and Environment?
Answer: No. While section 2-3-107(2) can be read on its face to permit access to confidential department records, it conflicts with section 25-1-124 which does not allow the Department to release unredacted reports to any entity other than a regulatory agency having jurisdiction over disciplinary and licensing sanctions. Since section 25-1-124 is the more specific and later enacted provision, it controls.
Question: Does section 25-1-124(4) permit the Department of Public Health and Environment to release to the State Auditor unredacted complaint and occurrence reports made by nursing home facilities?
Answer: No. The complaint and occurrence reports are strictly confidential. The disclosure of identifying information in the complaints and occurrence reports is limited to regulatory agencies which have jurisdiction over disciplinary and licensing sanctions. The Auditor is not such an agency.
On December 14, 2005, the State Auditor advised the Department that she was going to conduct a performance audit of the state’s oversight of nursing home facilities and requested access to complaints and occurrence reports that are otherwise confidential pursuant to section 25-1-124. The reports are mandatory for all licensed health care facilities and relate to certain complaints and injuries to patients. Department is required to review and investigate the reports and make a determination as to whether there was a violation of licensing standards or a deficiency in a facility’s operation. The statute further provides that:
Any report submitted pursuant to subsection (2) shall be strictly confidential; except that information in any such report may be transmitted to an appropriate regulatory agency having jurisdiction for disciplinary or license sanctions. The information in such reports shall not be made public upon subpoena, search warrant, discovery proceedings, or otherwise, except as provided in subsection (6) of this section.
§ 25-1-124(4) (emphasis added).
Section 25-1-124(6) allows for the release of occurrence and complaint information and the conclusions of the Department as a result of its investigation, but specifically requires that it not identify the patient, resident or health care professional involved in the report. “Any person, association or corporation that willfully violates, disobeys or disregards the provisions of the public health laws commits a criminal misdemeanor, punishable by a fine of not more than $1,000 and imprisonment of not more than one year, or both.”
In contrast, the State Auditor’s authority to access state records arises, in part, under section 2-3-107(2):
The state auditor or his designated representative shall have access at all times, except as provided by sections 39-1-116, 39-4-103, and 39-5-120, C.R.S., to all of the books, accounts, reports (confidential or otherwise), vouchers, or other records or information in any department, institution, or agency. Nothing in this subsection (2) shall be construed as authorizing or permitting the publication of information prohibited by law. Any officer or employee who fails or refuses to permit such access or examination for audit or who interferes in any way with such examination is guilty of a misdemeanor and, upon conviction thereof, shall be punished by a fine of not less than one hundred dollars nor more than one thousand dollars, or by imprisonment in the county jail for not less than one
month nor more than twelve months, or by both fine and imprisonment.
The Auditor’s statute allows the Auditor to subpoena records of departments and agencies in the same manner as a court of law. See § 2-3-107(1). This provision conflicts with the Department’s controlling statute, section 24-1-125(4), which mandates that occurrence reports not be made public in response to a subpoena unless identifying information is redacted. The statutes conflict because one allows unfettered access to confidential reports and complaints and the other restricts access to the identifying information in the occurrence reports to specific regulatory agencies. The conflict in the language of the two statutes and the criminal penalties attendant to a violation of either statute form the basis for the Department’s request for a formal opinion from the Attorney General.
In interpreting statutory provisions which appear to conflict, attempts shall be made to construe the provisions in a manner that will avoid conflict. Smith v. Zufelt, 880 P.2d 1178 (Colo. 1994). A statute should be construed to give meaning to all of its parts. Farmers Ins. Exchange v Bill Bloom, Inc., 961 P.2d 465 (Colo. 1998). The words and phrases in a statute should be given effect according to their plain and ordinary meaning. People v. Dist. Court, nd Jud. Dist, 713 P.2d 918 (Colo. 1986) (codified in § 2-4-101) If the statutes cannot be reconciled, the more specific provision prevails. See People v. Munoz, 857 P.2d 546 (Colo.App. 1993) and Fuhrer v. Dept. of Motor Vehicles, 592 P.2d 402 (Colo. 1976) (codified in § 2-4-205). In the event an irreconcilable conflict exists, the statute enacted last in time controls. Ortega .v. Industrial Commission, 628 P.2d 511 (Colo.App. 1984) and People In The Interest of EZL, 815 P.2d 987 (Colo.App. 1991) (codified in § 2-4-206)
The duty of the Auditor “is to conduct or cause to be conducted post audits of all financial transactions and accounts kept by or for all departments, institutions and agencies of the state government . . . to conduct performance post audits thereof . . .” § 2-3-103 (1). Pursuant to subsection (2), “The state auditor shall prepare reports and recommendations for the legislative audit committee . . . and under the direction of the committee, prepare an annual report. All reports shall be open to public inspection except for that portion of any report containing recommendations, comments, and any narrative statements which is released only upon the approval of a majority vote of the committee.”
Section 2-3-107(2) applies to all departments, institutions and agencies and was enacted in 1965. On its face it allows the Auditor or his representative access to confidential reports of any department subject only to specific exceptions for certain tax records. This right is limited only by the caveat that “nothing in this subsection shall be construed as authorizing or permitting the publication of information prohibited by law.” There is no guarantee in the statute that confidential records and reports received through the audit process will be kept
confidential. The Auditor is required to keep a complete file of copies of all audit reports, including work papers and copies of examinations, investigations and any other reports or materials issued by the state auditor, his staff and the (legislative audit) committee. See § 2-3-103(3). The legislative audit committee has the discretion to make the work papers open to public inspection upon a majority vote of the committee. Strikingly absent is a criminal penalty for the publication of information prohibited by law. The only penalty in this statute for disclosure applies to individuals who willfully and knowingly disclose the contents of any auditor’s report prior to the release of the report by a majority vote of the committee. See § 2-3-104(2). This penalty does not apply to necessary communications between the auditor’s staff and it contractors. See § 2-3-104(2). However, there is a criminal penalty for agency officers and employees that fail to provide requested information, or otherwise interfere with the auditing process. § 2-3-107(2)
Section 25-1-124 was enacted in 1997. Its stated purpose is to make it easier for people to make informed decisions in choosing a health care facility for themselves and their families by improving access to reliable, helpful and unbiased information concerning the quality of care and the environmental safety of a health care facility. § 24-1-125(1). In furtherance of that goal, it requires health care facilities (nursing homes) to submit occurrence reports of certain specified events to the Department for review and investigation. Pursuant to subsection (5), the Department shall prepare a summary of its investigative findings. Each summary shall include the Department’s conclusions and whether there was a violation of licensing standards, a deficiency or whether the facility acted appropriately in response to the occurrence.
The basic premise of statutory construction is that care must be taken to give effect to legislative intent. People v. Dist. Court, 2nd Jud. Dist. Supra. In order to determine legislative intent, one looks primarily to the language of the statute. If the legislative intent is clear from the language of the statute, one need not look to the legislative history. Here, the language of the statute is very precise and legislative intent can be determined from the plain language of the statute.
Section 25-1-124(4), provides that the complaints and the occurrence reports shall be strictly confidential. The only exception to strict confidentiality is that the information in the reports may be transmitted to an appropriate regulatory agency having jurisdiction for disciplinary or license sanctions. These reports contain the names and other identifying information of the individual patients and residents involved in the occurrence. The Department cannot produce the reports pursuant to a subpoena, search warrant, discovery proceeding, or otherwise except as provided by subsection (6) of the statute. Subsection (6)(b)
states that any information produced shall not identify the patient, resident or health care professional involved in the report.
The occurrence reports in their present format did not exist prior to enactment of this statute. The legislature did not say the occurrence reports were confidential, but chose to modify and emphasize confidentiality with the word “strictly.” The plain and ordinary use and meaning of “strict” or “strictly” in this context is “rigid, exacting and absolute.” Black’s Law Dictionary, 7th Ed 1999. The statute is very specific as to the circumstances and conditions under which the contents of the reports can be disclosed. The only exception to unredacted disclosure is to regulatory agencies having jurisdiction over disciplinary and license sanctions. The State Auditor is not such an agency. The Department has a mandatory obligation to protect the identifying information. It has no apparent right or ability to monitor the use or disclosure of unredacted complaints and occurrence reports once they are released to the Auditor or his/her designated representative. Allowing the Auditor unfettered access to the unredacted complaints and occurrence reports would place the Department in an untenable position.
The statutes conflict and can not be reconciled absent statutory construction aides. The controlling Department statute, section 25-1-124, is more specific than the general Auditor’s statute as the former was enacted for a specific purpose and is very precise as to who has access to the identifying information in the reports. The Department’s statute was also enacted later in time. The conflict is thus resolved in favor of the Department’s statute. Accordingly, it is my opinion that the Department cannot release the identifying information in the complaints and occurrence reports to the Auditor’s office.
Issued this 11th day of April, 2006.