2
3
4
5
6
7
8 LONG TITLE
9 General Description:
10 This bill amends the Controlled Substance Database Act.
11 Highlighted Provisions:
12 This bill:
13 ▸ authorizes the Division of Occupational and Professional Licensing to provide
14 information to a managed care organization under certain circumstances;
15 ▸ creates an exception to certain restrictions on access to the controlled substances
16 database; and
17 ▸ makes technical changes.
18 Money Appropriated in this Bill:
19 None
20 Other Special Clauses:
21 None
22 Utah Code Sections Affected:
23 AMENDS:
24 58-37f-301, as last amended by Laws of Utah 2018, Chapter 123
25 58-37f-302, as enacted by Laws of Utah 2010, Chapter 287
26
27 Be it enacted by the Legislature of the state of Utah:
28 Section 1. Section 58-37f-301 is amended to read:
29 58-37f-301. Access to database.
30 (1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
31 Administrative Rulemaking Act, to:
32 (a) effectively enforce the limitations on access to the database as described in this
33 part; and
34 (b) establish standards and procedures to ensure accurate identification of individuals
35 requesting information or receiving information without request from the database.
36 (2) The division shall make information in the database and information obtained from
37 other state or federal prescription monitoring programs by means of the database available only
38 to the following individuals, in accordance with the requirements of this chapter and division
39 rules:
40 (a) (i) personnel of the division specifically assigned to conduct investigations related
41 to controlled substance laws under the jurisdiction of the division; and
42 (ii) the following law enforcement officers, but the division may only provide
43 nonidentifying information, limited to gender, year of birth, and postal ZIP code, regarding
44 individuals for whom a controlled substance has been prescribed or to whom a controlled
45 substance has been dispensed:
46 (A) a law enforcement agency officer who is engaged in a joint investigation with the
47 division; and
48 (B) a law enforcement agency officer to whom the division has referred a suspected
49 criminal violation of controlled substance laws;
50 (b) authorized division personnel engaged in analysis of controlled substance
51 prescription information as a part of the assigned duties and responsibilities of their
52 employment;
53 (c) a board member if:
54 (i) the board member is assigned to monitor a licensee on probation; and
55 (ii) the board member is limited to obtaining information from the database regarding
56 the specific licensee on probation;
57 (d) a member of a diversion committee established in accordance with Subsection
58 58-1-404(2) if:
59 (i) the diversion committee member is limited to obtaining information from the
60 database regarding the person whose conduct is the subject of the committee's consideration;
61 and
62 (ii) the conduct that is the subject of the committee's consideration includes a violation
63 or a potential violation of Chapter 37, Utah Controlled Substances Act, or another relevant
64 violation or potential violation under this title;
65 (e) in accordance with a written agreement entered into with the department,
66 employees of the Department of Health:
67 (i) whom the director of the Department of Health assigns to conduct scientific studies
68 regarding the use or abuse of controlled substances, if the identity of the individuals and
69 pharmacies in the database are confidential and are not disclosed in any manner to any
70 individual who is not directly involved in the scientific studies;
71 (ii) when the information is requested by the Department of Health in relation to a
72 person or provider whom the Department of Health suspects may be improperly obtaining or
73 providing a controlled substance; or
74 (iii) in the medical examiner's office;
75 (f) in accordance with a written agreement entered into with the department, a designee
76 of the director of the Department of Health, who is not an employee of the Department of
77 Health, whom the director of the Department of Health assigns to conduct scientific studies
78 regarding the use or abuse of controlled substances pursuant to an application process
79 established in rule by the Department of Health, if:
80 (i) the designee provides explicit information to the Department of Health regarding
81 the purpose of the scientific studies;
82 (ii) the scientific studies to be conducted by the designee:
83 (A) fit within the responsibilities of the Department of Health for health and welfare;
84 (B) are reviewed and approved by an Institutional Review Board that is approved for
85 human subject research by the United States Department of Health and Human Services; and
86 (C) are not conducted for profit or commercial gain; and
87 (D) are conducted in a research facility, as defined by division rule, that is associated
88 with a university or college accredited by one or more regional or national accrediting agencies
89 recognized by the United States Department of Education;
90 (iii) the designee protects the information as a business associate of the Department of
91 Health; and
92 (iv) the identity of the prescribers, patients, and pharmacies in the database are
93 de-identified, confidential, and not disclosed in any manner to the designee or to any individual
94 who is not directly involved in the scientific studies;
95 (g) in accordance with [
96 the Department of Health, authorized employees of a managed care organization, as defined in
97 42 C.F.R. Sec. 438, if:
98 (i) the managed care organization contracts with the Department of Health under the
99 provisions of Section 26-18-405 and the contract includes provisions that:
100 (A) require a managed care organization employee who will have access to information
101 from the database to submit to a criminal background check; and
102 (B) limit the authorized employee of the managed care organization to requesting
103 either the division or the Department of Health to conduct a search of the database regarding a
104 specific Medicaid enrollee and to report the results of the search to the authorized employee;
105 and
106 (ii) the information is requested by an authorized employee of the managed care
107 organization in relation to a person who is enrolled in the Medicaid program with the managed
108 care organization, and the managed care organization suspects the person may be improperly
109 obtaining or providing a controlled substance;
110 (h) a licensed practitioner having authority to prescribe controlled substances, to the
111 extent the information:
112 (i) (A) relates specifically to a current or prospective patient of the practitioner; and
113 (B) is provided to or sought by the practitioner for the purpose of:
114 (I) prescribing or considering prescribing any controlled substance to the current or
115 prospective patient;
116 (II) diagnosing the current or prospective patient;
117 (III) providing medical treatment or medical advice to the current or prospective
118 patient; or
119 (IV) determining whether the current or prospective patient:
120 (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner;
121 or
122 (Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
123 substance from the practitioner;
124 (ii) (A) relates specifically to a former patient of the practitioner; and
125 (B) is provided to or sought by the practitioner for the purpose of determining whether
126 the former patient has fraudulently obtained, or has attempted to fraudulently obtain, a
127 controlled substance from the practitioner;
128 (iii) relates specifically to an individual who has access to the practitioner's Drug
129 Enforcement Administration identification number, and the practitioner suspects that the
130 individual may have used the practitioner's Drug Enforcement Administration identification
131 number to fraudulently acquire or prescribe a controlled substance;
132 (iv) relates to the practitioner's own prescribing practices, except when specifically
133 prohibited by the division by administrative rule;
134 (v) relates to the use of the controlled substance database by an employee of the
135 practitioner, described in Subsection (2)(i); or
136 (vi) relates to any use of the practitioner's Drug Enforcement Administration
137 identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a
138 controlled substance;
139 (i) in accordance with Subsection (3)(a), an employee of a practitioner described in
140 Subsection (2)(h), for a purpose described in Subsection (2)(h)(i) or (ii), if:
141 (i) the employee is designated by the practitioner as an individual authorized to access
142 the information on behalf of the practitioner;
143 (ii) the practitioner provides written notice to the division of the identity of the
144 employee; and
145 (iii) the division:
146 (A) grants the employee access to the database; and
147 (B) provides the employee with a password that is unique to that employee to access
148 the database in order to permit the division to comply with the requirements of Subsection
149 58-37f-203[
150 (j) an employee of the same business that employs a licensed practitioner under
151 Subsection (2)(h) if:
152 (i) the employee is designated by the practitioner as an individual authorized to access
153 the information on behalf of the practitioner;
154 (ii) the practitioner and the employing business provide written notice to the division of
155 the identity of the designated employee; and
156 (iii) the division:
157 (A) grants the employee access to the database; and
158 (B) provides the employee with a password that is unique to that employee to access
159 the database in order to permit the division to comply with the requirements of Subsection
160 58-37f-203[
161 (k) a licensed pharmacist having authority to dispense a controlled substance to the
162 extent the information is provided or sought for the purpose of:
163 (i) dispensing or considering dispensing any controlled substance; or
164 (ii) determining whether a person:
165 (A) is attempting to fraudulently obtain a controlled substance from the pharmacist; or
166 (B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled
167 substance from the pharmacist;
168 (l) in accordance with Subsection (3)(a), a licensed pharmacy technician and pharmacy
169 intern who is an employee of a pharmacy as defined in Section 58-17b-102, for the purposes
170 described in Subsection (2)(j)(i) or (ii), if:
171 (i) the employee is designated by the pharmacist-in-charge as an individual authorized
172 to access the information on behalf of a licensed pharmacist employed by the pharmacy;
173 (ii) the pharmacist-in-charge provides written notice to the division of the identity of
174 the employee; and
175 (iii) the division:
176 (A) grants the employee access to the database; and
177 (B) provides the employee with a password that is unique to that employee to access
178 the database in order to permit the division to comply with the requirements of Subsection
179 58-37f-203(5) with respect to the employee;
180 (m) pursuant to a valid search warrant, federal, state, and local law enforcement
181 officers and state and local prosecutors who are engaged in an investigation related to:
182 (i) one or more controlled substances; and
183 (ii) a specific person who is a subject of the investigation;
184 (n) subject to Subsection (7), a probation or parole officer, employed by the
185 Department of Corrections or by a political subdivision, to gain access to database information
186 necessary for the officer's supervision of a specific probationer or parolee who is under the
187 officer's direct supervision;
188 (o) employees of the Office of Internal Audit and Program Integrity within the
189 Department of Health who are engaged in their specified duty of ensuring Medicaid program
190 integrity under Section 26-18-2.3;
191 (p) a mental health therapist, if:
192 (i) the information relates to a patient who is:
193 (A) enrolled in a licensed substance abuse treatment program; and
194 (B) receiving treatment from, or under the direction of, the mental health therapist as
195 part of the patient's participation in the licensed substance abuse treatment program described
196 in Subsection (2)(p)(i)(A);
197 (ii) the information is sought for the purpose of determining whether the patient is
198 using a controlled substance while the patient is enrolled in the licensed substance abuse
199 treatment program described in Subsection (2)(p)(i)(A); and
200 (iii) the licensed substance abuse treatment program described in Subsection
201 (2)(p)(i)(A) is associated with a practitioner who:
202 (A) is a physician, a physician assistant, an advance practice registered nurse, or a
203 pharmacist; and
204 (B) is available to consult with the mental health therapist regarding the information
205 obtained by the mental health therapist, under this Subsection (2)(p), from the database;
206 (q) an individual who is the recipient of a controlled substance prescription entered into
207 the database, upon providing evidence satisfactory to the division that the individual requesting
208 the information is in fact the individual about whom the data entry was made;
209 (r) an individual under Subsection (2)(q) for the purpose of obtaining a list of the
210 persons and entities that have requested or received any information from the database
211 regarding the individual, except if the individual's record is subject to a pending or current
212 investigation as authorized under this Subsection (2);
213 (s) the inspector general, or a designee of the inspector general, of the Office of
214 Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in
215 Title 63A, Chapter 13, Part 2, Office and Powers;
216 (t) the following licensed physicians for the purpose of reviewing and offering an
217 opinion on an individual's request for workers' compensation benefits under Title 34A, Chapter
218 2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease Act:
219 (i) a member of the medical panel described in Section 34A-2-601;
220 (ii) a physician employed as medical director for a licensed workers' compensation
221 insurer or an approved self-insured employer; or
222 (iii) a physician offering a second opinion regarding treatment; [
223 (u) members of Utah's Opioid Fatality Review Committee, for the purpose of
224 reviewing a specific fatality due to opioid use and recommending policies to reduce the
225 frequency of opioid use fatalities[
226 (v) a licensed pharmacist who is authorized by a managed care organization as defined
227 in Section 31A-1-301 to access the information on behalf of the managed care organization, if:
228 (i) the managed care organization believes that an enrollee of the managed care
229 organization has obtained or provided a controlled substance in violation of a medication
230 management program contract between the enrollee and the managed care organization; and
231 (ii) the managed care organization included a description of the medication
232 management program in the enrollee's outline of coverage described in Subsection
233 31A-22-605(7).
234 (3) (a) (i) A practitioner described in Subsection (2)(h) may designate one or more
235 employees to access information from the database under Subsection (2)(i), (2)(j), or (4)(c).
236 (ii) A pharmacist described in Subsection (2)(k) who is a pharmacist-in-charge may
237 designate up to five employees to access information from the database under Subsection (2)(l).
238 (b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah
239 Administrative Rulemaking Act, to:
240 (i) establish background check procedures to determine whether an employee
241 designated under Subsection (2)(i), (2)(j), or (4)(c) should be granted access to the database;
242 and
243 (ii) establish the information to be provided by an emergency department employee
244 under Subsection (4); and
245 (iii) facilitate providing controlled substance prescription information to a third party
246 under Subsection (5).
247 (c) The division shall grant an employee designated under Subsection (2)(i), (2)(j), or
248 (4)(c) access to the database, unless the division determines, based on a background check, that
249 the employee poses a security risk to the information contained in the database.
250 (4) (a) An individual who is employed in the emergency department of a hospital may
251 exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if
252 the individual is designated under Subsection (4)(c) and the licensed practitioner:
253 (i) is employed in the emergency department;
254 (ii) is treating an emergency department patient for an emergency medical condition;
255 and
256 (iii) requests that an individual employed in the emergency department and designated
257 under Subsection (4)(c) obtain information regarding the patient from the database as needed in
258 the course of treatment.
259 (b) The emergency department employee obtaining information from the database
260 shall, when gaining access to the database, provide to the database the name and any additional
261 identifiers regarding the requesting practitioner as required by division administrative rule
262 established under Subsection (3)(b).
263 (c) An individual employed in the emergency department under this Subsection (4)
264 may obtain information from the database as provided in Subsection (4)(a) if:
265 (i) the employee is designated by the practitioner as an individual authorized to access
266 the information on behalf of the practitioner;
267 (ii) the practitioner and the hospital operating the emergency department provide
268 written notice to the division of the identity of the designated employee; and
269 (iii) the division:
270 (A) grants the employee access to the database; and
271 (B) provides the employee with a password that is unique to that employee to access
272 the database in order to permit the division to comply with the requirements of Subsection
273 58-37f-203(5) with respect to the employee.
274 (d) The division may impose a fee, in accordance with Section 63J-1-504, on a
275 practitioner who designates an employee under Subsection (2)(i), (2)(j), or (4)(c) to pay for the
276 costs incurred by the division to conduct the background check and make the determination
277 described in Subsection (3)(b).
278 (5) (a) (i) An individual may request that the division provide the information under
279 Subsection (5)(b) to a third party who is designated by the individual each time a controlled
280 substance prescription for the individual is dispensed.
281 (ii) The division shall upon receipt of the request under this Subsection (5)(a) advise
282 the individual in writing that the individual may direct the division to discontinue providing the
283 information to a third party and that notice of the individual's direction to discontinue will be
284 provided to the third party.
285 (b) The information the division shall provide under Subsection (5)(a) is:
286 (i) the fact a controlled substance has been dispensed to the individual, but without
287 identifying the controlled substance; and
288 (ii) the date the controlled substance was dispensed.
289 (c) (i) An individual who has made a request under Subsection (5)(a) may direct that
290 the division discontinue providing information to the third party.
291 (ii) The division shall:
292 (A) notify the third party that the individual has directed the division to no longer
293 provide information to the third party; and
294 (B) discontinue providing information to the third party.
295 (6) (a) An individual who is granted access to the database based on the fact that the
296 individual is a licensed practitioner or a mental health therapist shall be denied access to the
297 database when the individual is no longer licensed.
298 (b) An individual who is granted access to the database based on the fact that the
299 individual is a designated employee of a licensed practitioner shall be denied access to the
300 database when the practitioner is no longer licensed.
301 (7) A probation or parole officer is not required to obtain a search warrant to access the
302 database in accordance with Subsection (2)(n).
303 (8) The division shall review and adjust the database programming which
304 automatically logs off an individual who is granted access to the database under Subsections
305 (2)(h), (2)(i), (2)(j), and (4)(c) to maximize the following objectives:
306 (a) to protect patient privacy;
307 (b) to reduce inappropriate access; and
308 (c) to make the database more useful and helpful to a person accessing the database
309 under Subsections (2)(h), (2)(i), (2)(j), and (4)(c), especially in high usage locations such as an
310 emergency department.
311 Section 2. Section 58-37f-302 is amended to read:
312 58-37f-302. Other restrictions on access to database.
313 (1) A person who is a relative of a deceased individual is not entitled to access
314 information from the database relating to the deceased individual based on the fact or claim
315 that the person is:
316 (a) related to the deceased individual; or
317 (b) subrogated to the rights of the deceased individual.
318 (2) Except as provided in Subsection (3), data provided to, maintained in, or accessed
319 from the database that may be identified to, or with, a particular person is not subject to
320 discovery, subpoena, or similar compulsory process in [
321 legislative proceeding, nor shall [
322 data be compelled to testify with regard to the data.
323 (3) The restrictions described in Subsection (2) do not apply to a civil, judicial, or
324 administrative action brought:
325 (a) to enforce the provisions of this chapter[
326 (b) against a managed care organization, as defined in 42 C.F.R. Sec. 438.2, if:
327 (i) the action is related to Medicaid coverage;
328 (ii) the managed care organization has entered into a written agreement with the
329 Department of Health as described in Subsection 58-37f-301(2)(g); and
330 (iii) the division and the Department of Health agree in writing not to apply the
331 restrictions described in Subsection (2).