Mo. Code Regs. tit. 20 § 2220-2.300

Current through Register Vol. 49, No. 21, November 1, 2024.
Section 20 CSR 2220-2.300 - Record Confidentiality and Disclosure

PURPOSE: This rule is being amended pursuant to Executive Order 17-03 to remove unnecessary/duplicative rule language and to authorize disclosure of confidential records as allowed by state and federal law.

(1) Prescription records, physician orders and other records related to any patient care or medical condition(s) of a patient that are maintained by a pharmacy in accordance with section 338.100, RSMo shall be considered confidential. Adequate security shall be maintained over such records in order to prevent any indiscriminate or unauthorized use of any written, electronic or verbal communications of confidential information.
(2) Confidential records may only be released to-
(A) The patient;
(B) A health care provider involved in treatment activities of the patient;
(C) Lawful requests from a court or grand jury;
(D) A person authorized by a court order;
(E) Any other person or entity authorized by a patient to receive such information;
(F) For the transfer of medical or prescription information between pharmacists as provided by law;
(G) Government agencies acting within the scope of their statutory authority; or
(H) A person or entity to whom such information may be disclosed under 45 CFR Parts 160, 164 and 165 (the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996) or other applicable state/federal law.
(3) This rule does not change or otherwise alter the authority of the board, its inspectors or other authorized designees to review, inspect, copy or take possession of any such records.
(4) Methods to access, transmit, store, analyze, or purge confidential information shall be implemented using procedures generally recognized as secure by experts qualified by training and experience. Procedures shall be in place to ensure that purged confidential information cannot be misused or placed into active operation without appropriate authorization as provided in this rule. Internet connectivity or remote access tied directly to systems containing confidential information must be secure.

20 CSR 2220-2.300

AUTHORITY: sections 338.100, 338.140 and 338.280, RSMo 2000.* This rule originally filed as 4 CSR 220-2.300. Original rule filed May 4, 1995, effective Dec. 30, 1995. Rescinded and readopted: Filed Nov. 1, 2000, effective June 30, 2001. Amended: Filed Dec. 15, 2003, effective July 30, 2004. Moved to 20 CSR 2220-2.300, effective Aug. 28, 2006.
Amended by Missouri Register October 1, 2019/Volume 44, Number 19, effective 11/30/2019

*Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999; 338.140, RSMo 1939, amended 1981, 1989, 1997; 338.280, RSMo 1951, amended 1971, 1981.