S.B. 29 Enrolled
1
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill amends Title 58, Chapter 37f, Controlled Substance Database Act.
10 Highlighted Provisions:
11 This bill:
12 . provides access to the Controlled Substance Database to authorized employees of a
13 Medicaid managed care organization if the Medicaid managed care organization
14 suspects the Medicaid recipient is improperly obtaining a controlled substance;
15 . requires the Department of Health and the Department of Commerce to have a
16 written agreement regarding the Medicaid managed care organization authorized
17 employee access to the Controlled Substance Database; and
18 . makes technical amendments.
19 Money Appropriated in this Bill:
20 None
21 Other Special Clauses:
22 None
23 Utah Code Sections Affected:
24 AMENDS:
25 58-37f-301 , as last amended by Laws of Utah 2013, Chapters 12, 130, and 262
26 58-37f-601 , as last amended by Laws of Utah 2013, Chapter 130
27
28 Be it enacted by the Legislature of the state of Utah:
29 Section 1. Section 58-37f-301 is amended to read:
30 58-37f-301. Access to database.
31 (1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
32 Administrative Rulemaking Act, to:
33 (a) effectively enforce the limitations on access to the database as described in this
34 part; and
35 (b) establish standards and procedures to ensure accurate identification of individuals
36 requesting information or receiving information without request from the database.
37 (2) The division shall make information in the database and information obtained from
38 other state or federal prescription monitoring programs by means of the database available only
39 to the following individuals, in accordance with the requirements of this chapter and division
40 rules:
41 (a) personnel of the division specifically assigned to conduct investigations related to
42 controlled substance laws under the jurisdiction of the division;
43 (b) authorized division personnel engaged in analysis of controlled substance
44 prescription information as a part of the assigned duties and responsibilities of their
45 employment;
46 (c) in accordance with a written agreement entered into with the department,
47 employees of the Department of Health:
48 (i) whom the director of the Department of Health assigns to conduct scientific studies
49 regarding the use or abuse of controlled substances, if the identity of the individuals and
50 pharmacies in the database are confidential and are not disclosed in any manner to any
51 individual who is not directly involved in the scientific studies; or
52 (ii) when the information is requested by the Department of Health in relation to a
53 person or provider whom the Department of Health suspects may be improperly obtaining or
54 providing a controlled substance;
55 (d) in accordance with a written agreement entered into with the department, a
56 designee of the director of the Department of Health, who is not an employee of the
57 Department of Health, whom the director of the Department of Health assigns to conduct
58 scientific studies regarding the use or abuse of controlled substances pursuant to an application
59 process established in rule by the Department of Health, if:
60 (i) the designee provides explicit information to the Department of Health regarding
61 the purpose of the scientific studies;
62 (ii) the scientific studies to be conducted by the designee:
63 (A) fit within the responsibilities of the Department of Health for health and welfare;
64 (B) are reviewed and approved by an Institutional Review Board that is approved for
65 human subject research by the United States Department of Health and Human Services; and
66 (C) are not conducted for profit or commercial gain; and
67 (D) are conducted in a research facility, as defined by division rule, that is associated
68 with a university or college in the state accredited by the Northwest Commission on Colleges
69 and Universities;
70 (iii) the designee protects the information as a business associate of the Department of
71 Health; and
72 (iv) the identity of the prescribers, patients, and pharmacies in the database are
73 de-identified, confidential, not disclosed in any manner to the designee or to any individual
74 who is not directly involved in the scientific studies;
75 (e) in accordance with the written agreement entered into with the department and the
76 Department of Health, authorized employees of a managed care organization, as defined in 42
77 C.F.R. Sec. 438, if:
78 (i) the managed care organization contracts with the Department of Health under the
79 provisions of Section 26-18-405 and the contract includes provisions that:
80 (A) require a managed care organization employee who will have access to information
81 from the database to submit to a criminal background check; and
82 (B) limit the authorized employee of the managed care organization to requesting either
83 the division or the Department of Health to conduct a search of the database regarding a
84 specific Medicaid enrollee and to report the results of the search to the authorized employee;
85 and
86 (ii) the information is requested by an authorized employee of the managed care
87 organization in relation to a person who is enrolled in the Medicaid program with the managed
88 care organization, and the managed care organization suspects the person may be improperly
89 obtaining or providing a controlled substance;
90 [
91 the extent the information:
92 (i) (A) relates specifically to a current or prospective patient of the practitioner; and
93 (B) is provided to or sought by the practitioner for the purpose of:
94 (I) prescribing or considering prescribing any controlled substance to the current or
95 prospective patient;
96 (II) diagnosing the current or prospective patient;
97 (III) providing medical treatment or medical advice to the current or prospective
98 patient; or
99 (IV) determining whether the current or prospective patient:
100 (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner;
101 or
102 (Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
103 substance from the practitioner;
104 (ii) (A) relates specifically to a former patient of the practitioner; and
105 (B) is provided to or sought by the practitioner for the purpose of determining whether
106 the former patient has fraudulently obtained, or has attempted to fraudulently obtain, a
107 controlled substance from the practitioner;
108 (iii) relates specifically to an individual who has access to the practitioner's Drug
109 Enforcement Administration identification number, and the practitioner suspects that the
110 individual may have used the practitioner's Drug Enforcement Administration identification
111 number to fraudulently acquire or prescribe a controlled substance;
112 (iv) relates to the practitioner's own prescribing practices, except when specifically
113 prohibited by the division by administrative rule;
114 (v) relates to the use of the controlled substance database by an employee of the
115 practitioner, described in Subsection (2)[
116 (vi) relates to any use of the practitioner's Drug Enforcement Administration
117 identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a
118 controlled substance;
119 [
120 in Subsection (2)[
121 (i) the employee is designated by the practitioner as an individual authorized to access
122 the information on behalf of the practitioner;
123 (ii) the practitioner provides written notice to the division of the identity of the
124 employee; and
125 (iii) the division:
126 (A) grants the employee access to the database; and
127 (B) provides the employee with a password that is unique to that employee to access
128 the database in order to permit the division to comply with the requirements of Subsection
129 58-37f-203 (3)(b) with respect to the employee;
130 [
131 Subsection (2)[
132 (i) the employee is designated by the practitioner as an individual authorized to access
133 the information on behalf of the practitioner;
134 (ii) the practitioner and the employing business provide written notice to the division of
135 the identity of the designated employee; and
136 (iii) the division:
137 (A) grants the employee access to the database; and
138 (B) provides the employee with a password that is unique to that employee to access
139 the database in order to permit the division to comply with the requirements of Subsection
140 58-37f-203 (3)(b) with respect to the employee;
141 [
142 the extent the information is provided or sought for the purpose of:
143 (i) dispensing or considering dispensing any controlled substance; or
144 (ii) determining whether a person:
145 (A) is attempting to fraudulently obtain a controlled substance from the pharmacist; or
146 (B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
147 substance from the pharmacist;
148 [
149 prosecutors, engaged as a specified duty of their employment in enforcing laws:
150 (i) regulating controlled substances;
151 (ii) investigating insurance fraud, Medicaid fraud, or Medicare fraud; or
152 (iii) providing information about a criminal defendant to defense counsel, upon request
153 during the discovery process, for the purpose of establishing a defense in a criminal case;
154 [
155 Department of Health who are engaged in their specified duty of ensuring Medicaid program
156 integrity under Section 26-18-2.3 ;
157 [
158 (i) the information relates to a patient who is:
159 (A) enrolled in a licensed substance abuse treatment program; and
160 (B) receiving treatment from, or under the direction of, the mental health therapist as
161 part of the patient's participation in the licensed substance abuse treatment program described
162 in Subsection (2)[
163 (ii) the information is sought for the purpose of determining whether the patient is
164 using a controlled substance while the patient is enrolled in the licensed substance abuse
165 treatment program described in Subsection (2)[
166 (iii) the licensed substance abuse treatment program described in Subsection
167 (2)[
168 (A) is a physician, a physician assistant, an advance practice registered nurse, or a
169 pharmacist; and
170 (B) is available to consult with the mental health therapist regarding the information
171 obtained by the mental health therapist, under this Subsection (2)[
172 [
173 entered into the database, upon providing evidence satisfactory to the division that the
174 individual requesting the information is in fact the individual about whom the data entry was
175 made;
176 [
177 Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in
178 Title 63A, Chapter 13, Part 2, Office and Powers; and
179 [
180 opinion on an individual's request for workers' compensation benefits under Title 34A, Chapter
181 2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease Act:
182 (i) a member of the medical panel described in Section 34A-2-601 ; or
183 (ii) a physician offering a second opinion regarding treatment.
184 (3) (a) A practitioner described in Subsection (2)[
185 employees to access information from the database under Subsection (2)[
186 (4)(c).
187 (b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
188 Administrative Rulemaking Act, to:
189 (i) establish background check procedures to determine whether an employee
190 designated under Subsection (2)[
191 database; and
192 (ii) establish the information to be provided by an emergency room employee under
193 Subsection (4).
194 (c) The division shall grant an employee designated under Subsection (2)[
195 (2)[
196 background check, that the employee poses a security risk to the information contained in the
197 database.
198 (4) (a) An individual who is employed in the emergency room of a hospital may
199 exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if
200 the individual is designated under Subsection (4)(c) and the licensed practitioner:
201 (i) is employed in the emergency room;
202 (ii) is treating an emergency room patient for an emergency medical condition; and
203 (iii) requests that an individual employed in the emergency room and designated under
204 Subsection (4)(c) obtain information regarding the patient from the database as needed in the
205 course of treatment.
206 (b) The emergency room employee obtaining information from the database shall,
207 when gaining access to the database, provide to the database the name and any additional
208 identifiers regarding the requesting practitioner as required by division administrative rule
209 established under Subsection (3)(b).
210 (c) An individual employed in the emergency room under this Subsection (4) may
211 obtain information from the database as provided in Subsection (4)(a) if:
212 (i) the employee is designated by the practitioner as an individual authorized to access
213 the information on behalf of the practitioner;
214 (ii) the practitioner and the hospital operating the emergency room provide written
215 notice to the division of the identity of the designated employee; and
216 (iii) the division:
217 (A) grants the employee access to the database; and
218 (B) provides the employee with a password that is unique to that employee to access
219 the database in order to permit the division to comply with the requirements of Subsection
220 58-37f-203 (3)(b) with respect to the employee.
221 (d) The division may impose a fee, in accordance with Section 63J-1-504 , on a
222 practitioner who designates an employee under Subsection (2)[
223 pay for the costs incurred by the division to conduct the background check and make the
224 determination described in Subsection (3)(b).
225 (5) (a) An individual who is granted access to the database based on the fact that the
226 individual is a licensed practitioner or a mental health therapist shall be denied access to the
227 database when the individual is no longer licensed.
228 (b) An individual who is granted access to the database based on the fact that the
229 individual is a designated employee of a licensed practitioner shall be denied access to the
230 database when the practitioner is no longer licensed.
231 Section 2. Section 58-37f-601 is amended to read:
232 58-37f-601. Unlawful release or use of database information -- Criminal and civil
233 penalties.
234 (1) Any person who knowingly and intentionally releases any information in the
235 database or knowingly and intentionally releases any information obtained from other state or
236 federal prescription monitoring programs by means of the database in violation of the
237 limitations under Part 3, Access, is guilty of a third degree felony.
238 (2) (a) Any person who obtains or attempts to obtain information from the database or
239 from any other state or federal prescription monitoring programs by means of the database by
240 misrepresentation or fraud is guilty of a third degree felony.
241 (b) Any person who obtains or attempts to obtain information from the database for a
242 purpose other than a purpose authorized by this chapter or by rule is guilty of a third degree
243 felony.
244 (3) (a) Except as provided in Subsection (3)(e), a person may not knowingly and
245 intentionally use, release, publish, or otherwise make available to any other person any
246 information obtained from the database or from any other state or federal prescription
247 monitoring programs by means of the database for any purpose other than those specified in
248 Part 3, Access.
249 (b) Each separate violation of this Subsection (3) is a third degree felony and is also
250 subject to a civil penalty not to exceed $5,000.
251 (c) The procedure for determining a civil violation of this Subsection (3) is in
252 accordance with Section 58-1-108 , regarding adjudicative proceedings within the division.
253 (d) Civil penalties assessed under this Subsection (3) shall be deposited in the General
254 Fund as a dedicated credit to be used by the division under Subsection 58-37f-502 (1).
255 (e) This Subsection (3) does not prohibit a person who obtains information from the
256 database under Subsection 58-37f-301 (2)[
257 (i) including the information in the person's medical chart or file for access by a person
258 authorized to review the medical chart or file; or
259 (ii) providing the information to a person in accordance with the requirements of the
260 Health Insurance Portability and Accountability Act of 1996.
[Bill Documents][Bills Directory]