S.B. 29
1
2
3
4
5
6
7 LONG TITLE
8 Committee Note:
9 The Health and Human Services Interim Committee recommended this bill.
10 General Description:
11 This bill amends Title 58, Chapter 37f, Controlled Substance Database Act.
12 Highlighted Provisions:
13 This bill:
14 . provides access to the Controlled Substance Database to authorized employees of a
15 Medicaid managed care organization if the Medicaid managed care organization
16 suspects the Medicaid recipient is improperly obtaining a controlled substance;
17 . requires the Department of Health and the Department of Commerce to have a
18 written agreement regarding the Medicaid managed care organization authorized
19 employee access to the Controlled Substance Database; and
20 . makes technical amendments.
21 Money Appropriated in this Bill:
22 None
23 Other Special Clauses:
24 None
25 Utah Code Sections Affected:
26 AMENDS:
27 58-37f-301 , as last amended by Laws of Utah 2013, Chapters 12, 130, and 262
28 58-37f-601 , as last amended by Laws of Utah 2013, Chapter 130
29
30 Be it enacted by the Legislature of the state of Utah:
31 Section 1. Section 58-37f-301 is amended to read:
32 58-37f-301. Access to database.
33 (1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
34 Administrative Rulemaking Act, to:
35 (a) effectively enforce the limitations on access to the database as described in this
36 part; and
37 (b) establish standards and procedures to ensure accurate identification of individuals
38 requesting information or receiving information without request from the database.
39 (2) The division shall make information in the database and information obtained from
40 other state or federal prescription monitoring programs by means of the database available only
41 to the following individuals, in accordance with the requirements of this chapter and division
42 rules:
43 (a) personnel of the division specifically assigned to conduct investigations related to
44 controlled substance laws under the jurisdiction of the division;
45 (b) authorized division personnel engaged in analysis of controlled substance
46 prescription information as a part of the assigned duties and responsibilities of their
47 employment;
48 (c) in accordance with a written agreement entered into with the department,
49 employees of the Department of Health:
50 (i) whom the director of the Department of Health assigns to conduct scientific studies
51 regarding the use or abuse of controlled substances, if the identity of the individuals and
52 pharmacies in the database are confidential and are not disclosed in any manner to any
53 individual who is not directly involved in the scientific studies; or
54 (ii) when the information is requested by the Department of Health in relation to a
55 person or provider whom the Department of Health suspects may be improperly obtaining or
56 providing a controlled substance;
57 (d) in accordance with a written agreement entered into with the department, a
58 designee of the director of the Department of Health, who is not an employee of the
59 Department of Health, whom the director of the Department of Health assigns to conduct
60 scientific studies regarding the use or abuse of controlled substances pursuant to an application
61 process established in rule by the Department of Health, if:
62 (i) the designee provides explicit information to the Department of Health regarding
63 the purpose of the scientific studies;
64 (ii) the scientific studies to be conducted by the designee:
65 (A) fit within the responsibilities of the Department of Health for health and welfare;
66 (B) are reviewed and approved by an Institutional Review Board that is approved for
67 human subject research by the United States Department of Health and Human Services; and
68 (C) are not conducted for profit or commercial gain; and
69 (D) are conducted in a research facility, as defined by division rule, that is associated
70 with a university or college in the state accredited by the Northwest Commission on Colleges
71 and Universities;
72 (iii) the designee protects the information as a business associate of the Department of
73 Health; and
74 (iv) the identity of the prescribers, patients, and pharmacies in the database are
75 de-identified, confidential, not disclosed in any manner to the designee or to any individual
76 who is not directly involved in the scientific studies;
77 (e) in accordance with the written agreement entered into with the department and the
78 Department of Health, authorized employees of a managed care organization, as defined in 42
79 C.F.R. Sec. 438, if:
80 (i) the managed care organization contracts with the Department of Health under the
81 provisions of Section 26-18-405 ; and
82 (ii) the information is requested by an authorized employee of the managed care
83 organization in relation to a person who is enrolled in the Medicaid program with the managed
84 care organization, and the managed care organization suspects the person may be improperly
85 obtaining or providing a controlled substance;
86 [
87 the extent the information:
88 (i) (A) relates specifically to a current or prospective patient of the practitioner; and
89 (B) is provided to or sought by the practitioner for the purpose of:
90 (I) prescribing or considering prescribing any controlled substance to the current or
91 prospective patient;
92 (II) diagnosing the current or prospective patient;
93 (III) providing medical treatment or medical advice to the current or prospective
94 patient; or
95 (IV) determining whether the current or prospective patient:
96 (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner;
97 or
98 (Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
99 substance from the practitioner;
100 (ii) (A) relates specifically to a former patient of the practitioner; and
101 (B) is provided to or sought by the practitioner for the purpose of determining whether
102 the former patient has fraudulently obtained, or has attempted to fraudulently obtain, a
103 controlled substance from the practitioner;
104 (iii) relates specifically to an individual who has access to the practitioner's Drug
105 Enforcement Administration identification number, and the practitioner suspects that the
106 individual may have used the practitioner's Drug Enforcement Administration identification
107 number to fraudulently acquire or prescribe a controlled substance;
108 (iv) relates to the practitioner's own prescribing practices, except when specifically
109 prohibited by the division by administrative rule;
110 (v) relates to the use of the controlled substance database by an employee of the
111 practitioner, described in Subsection (2)[
112 (vi) relates to any use of the practitioner's Drug Enforcement Administration
113 identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a
114 controlled substance;
115 [
116 in Subsection (2)[
117 (i) the employee is designated by the practitioner as an individual authorized to access
118 the information on behalf of the practitioner;
119 (ii) the practitioner provides written notice to the division of the identity of the
120 employee; and
121 (iii) the division:
122 (A) grants the employee access to the database; and
123 (B) provides the employee with a password that is unique to that employee to access
124 the database in order to permit the division to comply with the requirements of Subsection
125 58-37f-203 (3)(b) with respect to the employee;
126 [
127 Subsection (2)[
128 (i) the employee is designated by the practitioner as an individual authorized to access
129 the information on behalf of the practitioner;
130 (ii) the practitioner and the employing business provide written notice to the division of
131 the identity of the designated employee; and
132 (iii) the division:
133 (A) grants the employee access to the database; and
134 (B) provides the employee with a password that is unique to that employee to access
135 the database in order to permit the division to comply with the requirements of Subsection
136 58-37f-203 (3)(b) with respect to the employee;
137 [
138 the extent the information is provided or sought for the purpose of:
139 (i) dispensing or considering dispensing any controlled substance; or
140 (ii) determining whether a person:
141 (A) is attempting to fraudulently obtain a controlled substance from the pharmacist; or
142 (B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
143 substance from the pharmacist;
144 [
145 prosecutors, engaged as a specified duty of their employment in enforcing laws:
146 (i) regulating controlled substances;
147 (ii) investigating insurance fraud, Medicaid fraud, or Medicare fraud; or
148 (iii) providing information about a criminal defendant to defense counsel, upon request
149 during the discovery process, for the purpose of establishing a defense in a criminal case;
150 [
151 Department of Health who are engaged in their specified duty of ensuring Medicaid program
152 integrity under Section 26-18-2.3 ;
153 [
154 (i) the information relates to a patient who is:
155 (A) enrolled in a licensed substance abuse treatment program; and
156 (B) receiving treatment from, or under the direction of, the mental health therapist as
157 part of the patient's participation in the licensed substance abuse treatment program described
158 in Subsection (2)[
159 (ii) the information is sought for the purpose of determining whether the patient is
160 using a controlled substance while the patient is enrolled in the licensed substance abuse
161 treatment program described in Subsection (2)[
162 (iii) the licensed substance abuse treatment program described in Subsection
163 (2)[
164 (A) is a physician, a physician assistant, an advance practice registered nurse, or a
165 pharmacist; and
166 (B) is available to consult with the mental health therapist regarding the information
167 obtained by the mental health therapist, under this Subsection (2)[
168 [
169 entered into the database, upon providing evidence satisfactory to the division that the
170 individual requesting the information is in fact the individual about whom the data entry was
171 made;
172 [
173 Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in
174 Title 63A, Chapter 13, Part 2, Office and Powers; and
175 [
176 opinion on an individual's request for workers' compensation benefits under Title 34A, Chapter
177 2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease Act:
178 (i) a member of the medical panel described in Section 34A-2-601 ; or
179 (ii) a physician offering a second opinion regarding treatment.
180 (3) (a) A practitioner described in Subsection (2)[
181 employees to access information from the database under Subsection (2)[
182 (4)(c).
183 (b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
184 Administrative Rulemaking Act, to:
185 (i) establish background check procedures to determine whether an employee
186 designated under Subsection (2)[
187 database; and
188 (ii) establish the information to be provided by an emergency room employee under
189 Subsection (4).
190 (c) The division shall grant an employee designated under Subsection (2)[
191 (2)[
192 background check, that the employee poses a security risk to the information contained in the
193 database.
194 (4) (a) An individual who is employed in the emergency room of a hospital may
195 exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if
196 the individual is designated under Subsection (4)(c) and the licensed practitioner:
197 (i) is employed in the emergency room;
198 (ii) is treating an emergency room patient for an emergency medical condition; and
199 (iii) requests that an individual employed in the emergency room and designated under
200 Subsection (4)(c) obtain information regarding the patient from the database as needed in the
201 course of treatment.
202 (b) The emergency room employee obtaining information from the database shall,
203 when gaining access to the database, provide to the database the name and any additional
204 identifiers regarding the requesting practitioner as required by division administrative rule
205 established under Subsection (3)(b).
206 (c) An individual employed in the emergency room under this Subsection (4) may
207 obtain information from the database as provided in Subsection (4)(a) if:
208 (i) the employee is designated by the practitioner as an individual authorized to access
209 the information on behalf of the practitioner;
210 (ii) the practitioner and the hospital operating the emergency room provide written
211 notice to the division of the identity of the designated employee; and
212 (iii) the division:
213 (A) grants the employee access to the database; and
214 (B) provides the employee with a password that is unique to that employee to access
215 the database in order to permit the division to comply with the requirements of Subsection
216 58-37f-203 (3)(b) with respect to the employee.
217 (d) The division may impose a fee, in accordance with Section 63J-1-504 , on a
218 practitioner who designates an employee under Subsection (2)[
219 pay for the costs incurred by the division to conduct the background check and make the
220 determination described in Subsection (3)(b).
221 (5) (a) An individual who is granted access to the database based on the fact that the
222 individual is a licensed practitioner or a mental health therapist shall be denied access to the
223 database when the individual is no longer licensed.
224 (b) An individual who is granted access to the database based on the fact that the
225 individual is a designated employee of a licensed practitioner shall be denied access to the
226 database when the practitioner is no longer licensed.
227 Section 2. Section 58-37f-601 is amended to read:
228 58-37f-601. Unlawful release or use of database information -- Criminal and civil
229 penalties.
230 (1) Any person who knowingly and intentionally releases any information in the
231 database or knowingly and intentionally releases any information obtained from other state or
232 federal prescription monitoring programs by means of the database in violation of the
233 limitations under Part 3, Access, is guilty of a third degree felony.
234 (2) (a) Any person who obtains or attempts to obtain information from the database or
235 from any other state or federal prescription monitoring programs by means of the database by
236 misrepresentation or fraud is guilty of a third degree felony.
237 (b) Any person who obtains or attempts to obtain information from the database for a
238 purpose other than a purpose authorized by this chapter or by rule is guilty of a third degree
239 felony.
240 (3) (a) Except as provided in Subsection (3)(e), a person may not knowingly and
241 intentionally use, release, publish, or otherwise make available to any other person any
242 information obtained from the database or from any other state or federal prescription
243 monitoring programs by means of the database for any purpose other than those specified in
244 Part 3, Access.
245 (b) Each separate violation of this Subsection (3) is a third degree felony and is also
246 subject to a civil penalty not to exceed $5,000.
247 (c) The procedure for determining a civil violation of this Subsection (3) is in
248 accordance with Section 58-1-108 , regarding adjudicative proceedings within the division.
249 (d) Civil penalties assessed under this Subsection (3) shall be deposited in the General
250 Fund as a dedicated credit to be used by the division under Subsection 58-37f-502 (1).
251 (e) This Subsection (3) does not prohibit a person who obtains information from the
252 database under Subsection 58-37f-301 (2)[
253 (i) including the information in the person's medical chart or file for access by a person
254 authorized to review the medical chart or file; or
255 (ii) providing the information to a person in accordance with the requirements of the
256 Health Insurance Portability and Accountability Act of 1996.
Legislative Review Note
as of 11-21-13 5:26 PM