Download Zipped Introduced WordPerfect HB0270S02.ZIP
[Status][Bill Documents][Fiscal Note][Bills Directory]
Second Substitute H.B. 270
1
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill amends the Controlled Substance Database Act to allow designees of the
10 director of the Utah Department of Health to access the controlled substance database.
11 Highlighted Provisions:
12 This bill:
13 . allows the director of the Utah Department of Health to allow access to the
14 controlled substance database to designated individuals conducting scientific studies
15 regarding the use or abuse of controlled substances, if:
16 . the designee adheres to rules set by the Department of Health and federal
17 regulations covering the use of protected health information; and
18 . the identities of prescribers, patients, and pharmacies in the database are de-
19 identified in accordance with HIPAA rules, kept confidential, and not disclosed to the designee
20 or individuals not associated with the scientific studies; and
21 . makes technical changes.
22 Money Appropriated in this Bill:
23 None
24 Other Special Clauses:
25 None
26 Utah Code Sections Affected:
27 AMENDS:
28 58-37f-102, as last amended by Laws of Utah 2011, Chapter 340
29 58-37f-301, as last amended by Laws of Utah 2012, Chapters 174 and 239
30 58-37f-601, as last amended by Laws of Utah 2012, Chapter 174
31
32 Be it enacted by the Legislature of the state of Utah:
33 Section 1. Section 58-37f-102 is amended to read:
34 58-37f-102. Definitions.
35 (1) The definitions in Section 58-37-2 apply to this chapter.
36 (2) As used in this chapter:
37 (a) "Board" means the Utah State Board of Pharmacy created in Section 58-17b-201 .
38 (b) "Business associate" is as defined under the HIPAA privacy, security, and breach
39 notification rules in 45 CFR 164.502(a), 164.504(e), and 164.532(d) and (e).
40 [
41 58-37f-201 .
42 (d) "De-identified" is as defined in 45 CFR 164.502(d) and 164.514(a), (b), and (c).
43 [
44 [
45 [
46 [
47 (i) is seeking medical advice, medical treatment, or medical services from a
48 practitioner; and
49 (ii) the practitioner described in Subsection (2)[
50 patient.
51 [
52 Section 2. Section 58-37f-301 is amended to read:
53 58-37f-301. Access to database.
54 (1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
55 Administrative Rulemaking Act, to:
56 (a) effectively enforce the limitations on access to the database as described in this
57 part; and
58 (b) establish standards and procedures to ensure accurate identification of individuals
59 requesting information or receiving information without request from the database.
60 (2) The division shall make information in the database and information obtained from
61 other state or federal prescription monitoring programs by means of the database available only
62 to the following individuals, in accordance with the requirements of this chapter and division
63 rules:
64 (a) personnel of the division specifically assigned to conduct investigations related to
65 controlled substance laws under the jurisdiction of the division;
66 (b) authorized division personnel engaged in analysis of controlled substance
67 prescription information as a part of the assigned duties and responsibilities of their
68 employment;
69 (c) in accordance with a written agreement entered into with the department,
70 employees of the Department of Health:
71 (i) whom the director of the Department of Health assigns to conduct scientific studies
72 regarding the use or abuse of controlled substances, [
73 individuals and pharmacies in the database are confidential and are not disclosed in any manner
74 to any individual who is not directly involved in the scientific studies; or
75 (ii) when the information is requested by the Department of Health in relation to a
76 person or provider whom the Department of Health suspects may be improperly obtaining or
77 providing a controlled substance;
78 (d) in accordance with a written agreement entered into with the department, a
79 designee of the director of the Department of Health, who is not an employee of the
80 Department of Health, whom the director of the Department of Health assigns to conduct
81 scientific studies regarding the use or abuse of controlled substances pursuant to an application
82 process established in rule by the Department of Health, if:
83 (i) the designee provides explicit information to the Department of Health regarding
84 the purpose of the scientific studies;
85 (ii) the scientific studies to be conducted by the designee:
86 (A) fit within the responsibilities of the Department of Health for health and welfare;
87 (B) are reviewed and approved by an Institutional Review Board that is approved for
88 human subject research by the United States Department of Health and Human Services; and
89 (C) are not conducted for profit or commercial gain; and
90 (D) are conducted in a research facility, as defined by division rule, that is associated
91 with a university or college in the state accredited by the Northwest Commission on Colleges
92 and Universities;
93 (iii) the designee protects the information as a business associate of the Department of
94 Health; and
95 (iv) the identity of the prescribers, patients, and pharmacies in the database are
96 de-identified, confidential, not disclosed in any manner to the designee or to any individual
97 who is not directly involved in the scientific studies;
98 [
99 the extent the information:
100 (i) (A) relates specifically to a current or prospective patient of the practitioner; and
101 (B) is sought by the practitioner for the purpose of:
102 (I) prescribing or considering prescribing any controlled substance to the current or
103 prospective patient;
104 (II) diagnosing the current or prospective patient;
105 (III) providing medical treatment or medical advice to the current or prospective
106 patient; or
107 (IV) determining whether the current or prospective patient:
108 (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner;
109 or
110 (Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
111 substance from the practitioner;
112 (ii) (A) relates specifically to a former patient of the practitioner; and
113 (B) is sought by the practitioner for the purpose of determining whether the former
114 patient has fraudulently obtained, or has attempted to fraudulently obtain, a controlled
115 substance from the practitioner;
116 (iii) relates specifically to an individual who has access to the practitioner's Drug
117 Enforcement Administration identification number, and the practitioner suspects that the
118 individual may have used the practitioner's Drug Enforcement Administration identification
119 number to fraudulently acquire or prescribe a controlled substance;
120 (iv) relates to the practitioner's own prescribing practices, except when specifically
121 prohibited by the division by administrative rule;
122 (v) relates to the use of the controlled substance database by an employee of the
123 practitioner, described in Subsection (2)(e); or
124 (vi) relates to any use of the practitioner's Drug Enforcement Administration
125 identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a
126 controlled substance;
127 [
128 in Subsection (2)[
129 (i) the employee is designated by the practitioner as an individual authorized to access
130 the information on behalf of the practitioner;
131 (ii) the practitioner provides written notice to the division of the identity of the
132 employee; and
133 (iii) the division:
134 (A) grants the employee access to the database; and
135 (B) provides the employee with a password that is unique to that employee to access
136 the database in order to permit the division to comply with the requirements of Subsection
137 58-37f-203 (3)(b) with respect to the employee;
138 [
139 Subsection (2)[
140 (i) the employee is designated by the practitioner as an individual authorized to access
141 the information on behalf of the practitioner;
142 (ii) the practitioner and the employing business provide written notice to the division of
143 the identity of the designated employee; and
144 (iii) the division:
145 (A) grants the employee access to the database; and
146 (B) provides the employee with a password that is unique to that employee to access
147 the database in order to permit the division to comply with the requirements of Subsection
148 58-37f-203 (3)(b) with respect to the employee;
149 [
150 the extent the information is sought for the purpose of:
151 (i) dispensing or considering dispensing any controlled substance; or
152 (ii) determining whether a person:
153 (A) is attempting to fraudulently obtain a controlled substance from the pharmacist; or
154 (B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
155 substance from the pharmacist;
156 [
157 prosecutors, engaged as a specified duty of their employment in enforcing laws:
158 (i) regulating controlled substances;
159 (ii) investigating insurance fraud, Medicaid fraud, or Medicare fraud; or
160 (iii) providing information about a criminal defendant to defense counsel, upon request
161 during the discovery process, for the purpose of establishing a defense in a criminal case;
162 [
163 Department of Health who are engaged in their specified duty of ensuring Medicaid program
164 integrity under Section 26-18-2.3 ;
165 [
166 (i) the information relates to a patient who is:
167 (A) enrolled in a licensed substance abuse treatment program; and
168 (B) receiving treatment from, or under the direction of, the mental health therapist as
169 part of the patient's participation in the licensed substance abuse treatment program described
170 in Subsection (2)[
171 (ii) the information is sought for the purpose of determining whether the patient is
172 using a controlled substance while the patient is enrolled in the licensed substance abuse
173 treatment program described in Subsection (2)[
174 (iii) the licensed substance abuse treatment program described in Subsection
175 (2)[
176 (A) is a physician, a physician assistant, an advance practice registered nurse, or a
177 pharmacist; and
178 (B) is available to consult with the mental health therapist regarding the information
179 obtained by the mental health therapist, under this Subsection (2)[
180 [
181 entered into the database, upon providing evidence satisfactory to the division that the
182 individual requesting the information is in fact the individual about whom the data entry was
183 made;
184 [
185 Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in
186 Title 63J, Chapter 4a, Part 2, Office Duties and Powers; and
187 [
188 an opinion on an individual's request for workers' compensation benefits under Title 34A,
189 Chapter 2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease
190 Act:
191 (i) a member of the medical panel described in Section 34A-2-601 ; or
192 (ii) a physician offering a second opinion regarding treatment.
193 (3) (a) A practitioner described in Subsection (2)[
194 employees to access information from the database under Subsection [
195 (4)(c).
196 (b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
197 Administrative Rulemaking Act, to:
198 (i) establish background check procedures to determine whether an employee
199 designated under Subsection [
200 database; and
201 (ii) establish the information to be provided by an emergency room employee under
202 Subsection (4).
203 (c) The division shall grant an employee designated under Subsection [
204 (2)(g) or (4)(c) access to the database, unless the division determines, based on a background
205 check, that the employee poses a security risk to the information contained in the database.
206 (4) (a) An individual who is employed in the emergency room of a hospital may
207 exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if
208 the individual is designated under Subsection (4)(c) and the licensed practitioner:
209 (i) is employed in the emergency room;
210 (ii) is treating an emergency room patient for an emergency medical condition; and
211 (iii) requests that an individual employed in the emergency room and designated under
212 Subsection (4)(c) obtain information regarding the patient from the database as needed in the
213 course of treatment.
214 (b) The emergency room employee obtaining information from the database shall,
215 when gaining access to the database, provide to the database the name and any additional
216 identifiers regarding the requesting practitioner as required by division administrative rule
217 established under Subsection (3)(b).
218 (c) An individual employed in the emergency room under this Subsection (4) may
219 obtain information from the database as provided in Subsection (4)(a) if:
220 (i) the employee is designated by the practitioner as an individual authorized to access
221 the information on behalf of the practitioner;
222 (ii) the practitioner and the hospital operating the emergency room provide written
223 notice to the division of the identity of the designated employee; and
224 (iii) the division:
225 (A) grants the employee access to the database; and
226 (B) provides the employee with a password that is unique to that employee to access
227 the database in order to permit the division to comply with the requirements of Subsection
228 58-37f-203 (3)(b) with respect to the employee.
229 (d) The division may impose a fee, in accordance with Section 63J-1-504 , on a
230 practitioner who designates an employee under Subsection [
231 pay for the costs incurred by the division to conduct the background check and make the
232 determination described in Subsection (3)(b).
233 (5) (a) An individual who is granted access to the database based on the fact that the
234 individual is a licensed practitioner or a mental health therapist shall be denied access to the
235 database when the individual is no longer licensed.
236 (b) An individual who is granted access to the database based on the fact that the
237 individual is a designated employee of a licensed practitioner shall be denied access to the
238 database when the practitioner is no longer licensed.
239 Section 3. Section 58-37f-601 is amended to read:
240 58-37f-601. Unlawful release or use of database information -- Criminal and civil
241 penalties.
242 (1) Any person who knowingly and intentionally releases any information in the
243 database or knowingly and intentionally releases any information obtained from other state or
244 federal prescription monitoring programs by means of the database in violation of the
245 limitations under Part 3, Access, is guilty of a third degree felony.
246 (2) (a) Any person who obtains or attempts to obtain information from the database or
247 from any other state or federal prescription monitoring programs by means of the database by
248 misrepresentation or fraud is guilty of a third degree felony.
249 (b) Any person who obtains or attempts to obtain information from the database for a
250 purpose other than a purpose authorized by this chapter or by rule is guilty of a third degree
251 felony.
252 (3) (a) Except as provided in Subsection (3)(e), a person may not knowingly and
253 intentionally use, release, publish, or otherwise make available to any other person any
254 information obtained from the database or from any other state or federal prescription
255 monitoring programs by means of the database for any purpose other than those specified in
256 Part 3, Access.
257 (b) Each separate violation of this Subsection (3) is a third degree felony and is also
258 subject to a civil penalty not to exceed $5,000.
259 (c) The procedure for determining a civil violation of this Subsection (3) is in
260 accordance with Section 58-1-108 , regarding adjudicative proceedings within the division.
261 (d) Civil penalties assessed under this Subsection (3) shall be deposited in the General
262 Fund as a dedicated credit to be used by the division under Subsection 58-37f-502 (1).
263 (e) This Subsection (3) does not prohibit a person who obtains information from the
264 database under Subsection 58-37f-301 (2)[
265 (i) including the information in the person's medical chart or file for access by a person
266 authorized to review the medical chart or file; or
267 (ii) providing the information to a person in accordance with the requirements of the
268 Health Insurance Portability and Accountability Act of 1996.
[Bill Documents][Bills Directory]