Current through Register Vol. 30, No. 50, December 13, 2024
Section R4-23-502 - Requirements for Data Format and TransmissionA.Each dispenser shall submit to the Board or its designee by electronic means information regarding each prescription dispensed for a controlled substance listed in Schedules II, III, and IV of A.R.S. Title 36, Chapter 27, the Arizona Uniform Controlled Substances Act. The information reported shall conform to the August 31, 2005 Version 003, Release 000 ASAP Rules-based Standard Implementation Guide for Prescription Monitoring Programs published by the American Society for Automation in Pharmacy as specified in A.R.S. § 36-2608(B). The information submitted for each prescription shall include: 1. The name, address, telephone number, prescription number, and DEA registration number of the dispenser;2. The name, address, gender, date of birth, and telephone number of the person or, if for an animal, the owner of the animal for whom the prescription is written;3. The name, address, telephone number, and DEA registration number of the prescribing medical practitioner;4. The quantity and National Drug Code (NDC) number of the Schedule II, III, or IV controlled substance dispensed;5. The date the prescription was dispensed;6. The number of refills, if any, authorized by the medical practitioner;7. The date the prescription was issued;8. The method of payment identified as cash or third party; and9. Whether the prescription is new or a refill.B.A dispenser shall submit the required information electronically unless the Board or its designee approves a waiver as specified in subsection (D).C.A dispenser's electronic data transfer equipment including hardware, software, and internet connections shall meet the privacy and security standards of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as amended, and A.R.S. § 12-2292, in addition to common internet industry standards for privacy and security. A dispenser shall ensure that each electronic transmission meets the following data protection requirements:1. Data shall be at least 128-bit encryption in transmission and at rest; and2. Data shall be transmitted via secure e-mail, telephone modem, diskette, CD-ROM, tape, secure File Transfer Protocol (FTP), Virtual Private Network (VPN), or other Board-approved media.D.A dispenser who does not have an automated recordkeeping system capable of producing an electronic report in the Board established format may request a waiver from electronic reporting by submitting a written request to the Board or its des-ignee. The Board or its designee shall grant the request if the dispenser agrees in writing to report the data by submitting a completed universal claim form supplied by the Board or its designee.E.Unless otherwise approved by the Board, a dispenser shall report by the close of business on each Friday the required information for the previous week, Sunday through Saturday. If a Friday falls on a state holiday, the dispenser shall report the information on the following business day. The Board or its designee may approve a less frequent reporting period if a dispenser makes a showing that a less frequent reporting period will not reduce the effectiveness of the system or jeopardize the public health.Ariz. Admin. Code § R4-23-502
Former Rule 5.2510. Amended by final rulemaking at 8 A.A.R. 4898, effective January 5, 2003 (Supp. 02-4). Recodified to R4-23-802 at 9 A.A.R. 4011, effective August 18, 2003 (Supp. 03-3). New Section made by final rulemaking at 14 A.A.R. 3410, effective October 4, 2008 (Supp. 08-3). New section made by final rulemaking at 20 A.A.R. 1359, effective 8/2/2014.