(a) The department may establish an advisory group to provide recommendations on any or all of the following areas: submission specifications, patient privacy and confidentiality, data release, data aggregation, and security.
(b) The department may accept, reject, or amend recommendations, in whole or in part, from the advisory group.