S.B. 29

             1     

CONTROLLED SUBSTANCE DATABASE AMENDMENTS

             2     
2014 GENERAL SESSION

             3     
STATE OF UTAH

             4     
Chief Sponsor: Allen M. Christensen

             5     
House Sponsor: Edward H. Redd

             6     
             7      LONG TITLE
             8      Committee Note:
             9          The Health and Human Services Interim Committee recommended this bill.
             10      General Description:
             11          This bill amends Title 58, Chapter 37f, Controlled Substance Database Act.
             12      Highlighted Provisions:
             13          This bill:
             14          .    provides access to the Controlled Substance Database to authorized employees of a
             15      Medicaid managed care organization if the Medicaid managed care organization
             16      suspects the Medicaid recipient is improperly obtaining a controlled substance;
             17          .    requires the Department of Health and the Department of Commerce to have a
             18      written agreement regarding the Medicaid managed care organization authorized
             19      employee access to the Controlled Substance Database; and
             20          .    makes technical amendments.
             21      Money Appropriated in this Bill:
             22          None
             23      Other Special Clauses:
             24          None
             25      Utah Code Sections Affected:
             26      AMENDS:
             27           58-37f-301 , as last amended by Laws of Utah 2013, Chapters 12, 130, and 262


             28           58-37f-601 , as last amended by Laws of Utah 2013, Chapter 130
             29     
             30      Be it enacted by the Legislature of the state of Utah:
             31          Section 1. Section 58-37f-301 is amended to read:
             32           58-37f-301. Access to database.
             33          (1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
             34      Administrative Rulemaking Act, to:
             35          (a) effectively enforce the limitations on access to the database as described in this
             36      part; and
             37          (b) establish standards and procedures to ensure accurate identification of individuals
             38      requesting information or receiving information without request from the database.
             39          (2) The division shall make information in the database and information obtained from
             40      other state or federal prescription monitoring programs by means of the database available only
             41      to the following individuals, in accordance with the requirements of this chapter and division
             42      rules:
             43          (a) personnel of the division specifically assigned to conduct investigations related to
             44      controlled substance laws under the jurisdiction of the division;
             45          (b) authorized division personnel engaged in analysis of controlled substance
             46      prescription information as a part of the assigned duties and responsibilities of their
             47      employment;
             48          (c) in accordance with a written agreement entered into with the department,
             49      employees of the Department of Health:
             50          (i) whom the director of the Department of Health assigns to conduct scientific studies
             51      regarding the use or abuse of controlled substances, if the identity of the individuals and
             52      pharmacies in the database are confidential and are not disclosed in any manner to any
             53      individual who is not directly involved in the scientific studies; or
             54          (ii) when the information is requested by the Department of Health in relation to a
             55      person or provider whom the Department of Health suspects may be improperly obtaining or
             56      providing a controlled substance;
             57          (d) in accordance with a written agreement entered into with the department, a
             58      designee of the director of the Department of Health, who is not an employee of the


             59      Department of Health, whom the director of the Department of Health assigns to conduct
             60      scientific studies regarding the use or abuse of controlled substances pursuant to an application
             61      process established in rule by the Department of Health, if:
             62          (i) the designee provides explicit information to the Department of Health regarding
             63      the purpose of the scientific studies;
             64          (ii) the scientific studies to be conducted by the designee:
             65          (A) fit within the responsibilities of the Department of Health for health and welfare;
             66          (B) are reviewed and approved by an Institutional Review Board that is approved for
             67      human subject research by the United States Department of Health and Human Services; and
             68          (C) are not conducted for profit or commercial gain; and
             69          (D) are conducted in a research facility, as defined by division rule, that is associated
             70      with a university or college in the state accredited by the Northwest Commission on Colleges
             71      and Universities;
             72          (iii) the designee protects the information as a business associate of the Department of
             73      Health; and
             74          (iv) the identity of the prescribers, patients, and pharmacies in the database are
             75      de-identified, confidential, not disclosed in any manner to the designee or to any individual
             76      who is not directly involved in the scientific studies;
             77          (e) in accordance with the written agreement entered into with the department and the
             78      Department of Health, authorized employees of a managed care organization, as defined in 42
             79      C.F.R. Sec. 438, if:
             80          (i) the managed care organization contracts with the Department of Health under the
             81      provisions of Section 26-18-405 ; and
             82          (ii) the information is requested by an authorized employee of the managed care
             83      organization in relation to a person who is enrolled in the Medicaid program with the managed
             84      care organization, and the managed care organization suspects the person may be improperly
             85      obtaining or providing a controlled substance;
             86          [(e)] (f) a licensed practitioner having authority to prescribe controlled substances, to
             87      the extent the information:
             88          (i) (A) relates specifically to a current or prospective patient of the practitioner; and
             89          (B) is provided to or sought by the practitioner for the purpose of:


             90          (I) prescribing or considering prescribing any controlled substance to the current or
             91      prospective patient;
             92          (II) diagnosing the current or prospective patient;
             93          (III) providing medical treatment or medical advice to the current or prospective
             94      patient; or
             95          (IV) determining whether the current or prospective patient:
             96          (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner;
             97      or
             98          (Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
             99      substance from the practitioner;
             100          (ii) (A) relates specifically to a former patient of the practitioner; and
             101          (B) is provided to or sought by the practitioner for the purpose of determining whether
             102      the former patient has fraudulently obtained, or has attempted to fraudulently obtain, a
             103      controlled substance from the practitioner;
             104          (iii) relates specifically to an individual who has access to the practitioner's Drug
             105      Enforcement Administration identification number, and the practitioner suspects that the
             106      individual may have used the practitioner's Drug Enforcement Administration identification
             107      number to fraudulently acquire or prescribe a controlled substance;
             108          (iv) relates to the practitioner's own prescribing practices, except when specifically
             109      prohibited by the division by administrative rule;
             110          (v) relates to the use of the controlled substance database by an employee of the
             111      practitioner, described in Subsection (2)[(f)](g); or
             112          (vi) relates to any use of the practitioner's Drug Enforcement Administration
             113      identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a
             114      controlled substance;
             115          [(f)] (g) in accordance with Subsection (3)(a), an employee of a practitioner described
             116      in Subsection (2)[(e)](f), for a purpose described in Subsection (2)[(e)](f)(i) or (ii), if:
             117          (i) the employee is designated by the practitioner as an individual authorized to access
             118      the information on behalf of the practitioner;
             119          (ii) the practitioner provides written notice to the division of the identity of the
             120      employee; and


             121          (iii) the division:
             122          (A) grants the employee access to the database; and
             123          (B) provides the employee with a password that is unique to that employee to access
             124      the database in order to permit the division to comply with the requirements of Subsection
             125      58-37f-203 (3)(b) with respect to the employee;
             126          [(g)] (h) an employee of the same business that employs a licensed practitioner under
             127      Subsection (2)[(e)](f) if:
             128          (i) the employee is designated by the practitioner as an individual authorized to access
             129      the information on behalf of the practitioner;
             130          (ii) the practitioner and the employing business provide written notice to the division of
             131      the identity of the designated employee; and
             132          (iii) the division:
             133          (A) grants the employee access to the database; and
             134          (B) provides the employee with a password that is unique to that employee to access
             135      the database in order to permit the division to comply with the requirements of Subsection
             136      58-37f-203 (3)(b) with respect to the employee;
             137          [(h)] (i) a licensed pharmacist having authority to dispense a controlled substance to
             138      the extent the information is provided or sought for the purpose of:
             139          (i) dispensing or considering dispensing any controlled substance; or
             140          (ii) determining whether a person:
             141          (A) is attempting to fraudulently obtain a controlled substance from the pharmacist; or
             142          (B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
             143      substance from the pharmacist;
             144          [(i)] (j) federal, state, and local law enforcement authorities, and state and local
             145      prosecutors, engaged as a specified duty of their employment in enforcing laws:
             146          (i) regulating controlled substances;
             147          (ii) investigating insurance fraud, Medicaid fraud, or Medicare fraud; or
             148          (iii) providing information about a criminal defendant to defense counsel, upon request
             149      during the discovery process, for the purpose of establishing a defense in a criminal case;
             150          [(j)] (k) employees of the Office of Internal Audit and Program Integrity within the
             151      Department of Health who are engaged in their specified duty of ensuring Medicaid program


             152      integrity under Section 26-18-2.3 ;
             153          [(k)] (l) a mental health therapist, if:
             154          (i) the information relates to a patient who is:
             155          (A) enrolled in a licensed substance abuse treatment program; and
             156          (B) receiving treatment from, or under the direction of, the mental health therapist as
             157      part of the patient's participation in the licensed substance abuse treatment program described
             158      in Subsection (2)[(k)](l)(i)(A);
             159          (ii) the information is sought for the purpose of determining whether the patient is
             160      using a controlled substance while the patient is enrolled in the licensed substance abuse
             161      treatment program described in Subsection (2)[(k)](l)(i)(A); and
             162          (iii) the licensed substance abuse treatment program described in Subsection
             163      (2)[(k)](l)(i)(A) is associated with a practitioner who:
             164          (A) is a physician, a physician assistant, an advance practice registered nurse, or a
             165      pharmacist; and
             166          (B) is available to consult with the mental health therapist regarding the information
             167      obtained by the mental health therapist, under this Subsection (2)[(k)](l), from the database;
             168          [(l)] (m) an individual who is the recipient of a controlled substance prescription
             169      entered into the database, upon providing evidence satisfactory to the division that the
             170      individual requesting the information is in fact the individual about whom the data entry was
             171      made;
             172          [(m)] (n) the inspector general, or a designee of the inspector general, of the Office of
             173      Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in
             174      Title 63A, Chapter 13, Part 2, Office and Powers; and
             175          [(n)] (o) the following licensed physicians for the purpose of reviewing and offering an
             176      opinion on an individual's request for workers' compensation benefits under Title 34A, Chapter
             177      2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease Act:
             178          (i) a member of the medical panel described in Section 34A-2-601 ; or
             179          (ii) a physician offering a second opinion regarding treatment.
             180          (3) (a) A practitioner described in Subsection (2)[(e)](f) may designate up to three
             181      employees to access information from the database under Subsection (2)[(f)](g), (2)[(g)](h), or
             182      (4)(c).


             183          (b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
             184      Administrative Rulemaking Act, to:
             185          (i) establish background check procedures to determine whether an employee
             186      designated under Subsection (2)[(f)](g), (2)[(g)](h), or (4)(c) should be granted access to the
             187      database; and
             188          (ii) establish the information to be provided by an emergency room employee under
             189      Subsection (4).
             190          (c) The division shall grant an employee designated under Subsection (2)[(f)](g),
             191      (2)[(g)](h), or (4)(c) access to the database, unless the division determines, based on a
             192      background check, that the employee poses a security risk to the information contained in the
             193      database.
             194          (4) (a) An individual who is employed in the emergency room of a hospital may
             195      exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if
             196      the individual is designated under Subsection (4)(c) and the licensed practitioner:
             197          (i) is employed in the emergency room;
             198          (ii) is treating an emergency room patient for an emergency medical condition; and
             199          (iii) requests that an individual employed in the emergency room and designated under
             200      Subsection (4)(c) obtain information regarding the patient from the database as needed in the
             201      course of treatment.
             202          (b) The emergency room employee obtaining information from the database shall,
             203      when gaining access to the database, provide to the database the name and any additional
             204      identifiers regarding the requesting practitioner as required by division administrative rule
             205      established under Subsection (3)(b).
             206          (c) An individual employed in the emergency room under this Subsection (4) may
             207      obtain information from the database as provided in Subsection (4)(a) if:
             208          (i) the employee is designated by the practitioner as an individual authorized to access
             209      the information on behalf of the practitioner;
             210          (ii) the practitioner and the hospital operating the emergency room provide written
             211      notice to the division of the identity of the designated employee; and
             212          (iii) the division:
             213          (A) grants the employee access to the database; and


             214          (B) provides the employee with a password that is unique to that employee to access
             215      the database in order to permit the division to comply with the requirements of Subsection
             216      58-37f-203 (3)(b) with respect to the employee.
             217          (d) The division may impose a fee, in accordance with Section 63J-1-504 , on a
             218      practitioner who designates an employee under Subsection (2)[(f)](g), (2)[(g)](h), or (4)(c) to
             219      pay for the costs incurred by the division to conduct the background check and make the
             220      determination described in Subsection (3)(b).
             221          (5) (a) An individual who is granted access to the database based on the fact that the
             222      individual is a licensed practitioner or a mental health therapist shall be denied access to the
             223      database when the individual is no longer licensed.
             224          (b) An individual who is granted access to the database based on the fact that the
             225      individual is a designated employee of a licensed practitioner shall be denied access to the
             226      database when the practitioner is no longer licensed.
             227          Section 2. Section 58-37f-601 is amended to read:
             228           58-37f-601. Unlawful release or use of database information -- Criminal and civil
             229      penalties.
             230          (1) Any person who knowingly and intentionally releases any information in the
             231      database or knowingly and intentionally releases any information obtained from other state or
             232      federal prescription monitoring programs by means of the database in violation of the
             233      limitations under Part 3, Access, is guilty of a third degree felony.
             234          (2) (a) Any person who obtains or attempts to obtain information from the database or
             235      from any other state or federal prescription monitoring programs by means of the database by
             236      misrepresentation or fraud is guilty of a third degree felony.
             237          (b) Any person who obtains or attempts to obtain information from the database for a
             238      purpose other than a purpose authorized by this chapter or by rule is guilty of a third degree
             239      felony.
             240          (3) (a) Except as provided in Subsection (3)(e), a person may not knowingly and
             241      intentionally use, release, publish, or otherwise make available to any other person any
             242      information obtained from the database or from any other state or federal prescription
             243      monitoring programs by means of the database for any purpose other than those specified in
             244      Part 3, Access.


             245          (b) Each separate violation of this Subsection (3) is a third degree felony and is also
             246      subject to a civil penalty not to exceed $5,000.
             247          (c) The procedure for determining a civil violation of this Subsection (3) is in
             248      accordance with Section 58-1-108 , regarding adjudicative proceedings within the division.
             249          (d) Civil penalties assessed under this Subsection (3) shall be deposited in the General
             250      Fund as a dedicated credit to be used by the division under Subsection 58-37f-502 (1).
             251          (e) This Subsection (3) does not prohibit a person who obtains information from the
             252      database under Subsection 58-37f-301 (2)[(e),](f), (g), (i), or (4)(c) from:
             253          (i) including the information in the person's medical chart or file for access by a person
             254      authorized to review the medical chart or file; or
             255          (ii) providing the information to a person in accordance with the requirements of the
             256      Health Insurance Portability and Accountability Act of 1996.




Legislative Review Note
    as of 11-21-13 5:26 PM


Office of Legislative Research and General Counsel


[Bill Documents][Bills Directory]