Section 58-37f-301 - Access to database(1) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, to: (a) effectively enforce the limitations on access to the database as described in this part; and(b) establish standards and procedures to ensure accurate identification of individuals requesting information or receiving information without request from the database.(2) The division shall make information in the database and information obtained from other state or federal prescription monitoring programs by means of the database available only to the following individuals, in accordance with the requirements of this chapter and division rules: (a)(i) personnel of the division specifically assigned to conduct investigations related to controlled substance laws under the jurisdiction of the division; and(ii) the following law enforcement officers, but the division may only provide nonidentifying information, limited to gender, year of birth, and postal ZIP code, regarding individuals for whom a controlled substance has been prescribed or to whom a controlled substance has been dispensed: (A) a law enforcement agency officer who is engaged in a joint investigation with the division; and(B) a law enforcement agency officer to whom the division has referred a suspected criminal violation of controlled substance laws;(b) authorized division personnel engaged in analysis of controlled substance prescription information as a part of the assigned duties and responsibilities of their employment;(c) a board member if: (i) the board member is assigned to monitor a licensee on probation; and(ii) the board member is limited to obtaining information from the database regarding the specific licensee on probation;(d) a person the division authorizes to obtain that information on behalf of the Utah Professionals Health Program established in Subsection 58-4a-103(1) if: (i) the person the division authorizes is limited to obtaining information from the database regarding the person whose conduct is the subject of the division's consideration; and(ii) the conduct that is the subject of the division's consideration includes a violation or a potential violation of Chapter 37, Utah Controlled Substances Act, or another relevant violation or potential violation under this title;(e) in accordance with a written agreement entered into with the department, employees of the Department of Health and Human Services:(i) whom the director of the Department of Health and Human Services assigns to conduct scientific studies regarding the use or abuse of controlled substances, if the identity of the individuals and pharmacies in the database are confidential and are not disclosed in any manner to any individual who is not directly involved in the scientific studies;(ii) when the information is requested by the Department of Health and Human Services in relation to a person or provider whom the Department of Health and Human Services suspects may be improperly obtaining or providing a controlled substance; or(iii) in the medical examiner's office;(f) in accordance with a written agreement entered into with the department, a designee of the director of the Department of Health and Human Services, who is not an employee of the Department of Health and Human Services, whom the director of the Department of Health and Human Services assigns to conduct scientific studies regarding the use or abuse of controlled substances pursuant to an application process established in rule by the Department of Health and Human Services, if:(i) the designee provides explicit information to the Department of Health and Human Services regarding the purpose of the scientific studies;(ii) the scientific studies to be conducted by the designee: (A) fit within the responsibilities of the Department of Health and Human Services for health and welfare;(B) are reviewed and approved by an Institutional Review Board that is approved for human subject research by the United States Department of Health and Human Services;(C) are not conducted for profit or commercial gain; and(D) are conducted in a research facility, as defined by division rule, that is associated with a university or college accredited by one or more regional or national accrediting agencies recognized by the United States Department of Education;(iii) the designee protects the information as a business associate of the Department of Health and Human Services; and(iv) the identity of the prescribers, patients, and pharmacies in the database are de-identified, confidential, and not disclosed in any manner to the designee or to any individual who is not directly involved in the scientific studies;(g) in accordance with a written agreement entered into with the department and the Department of Health and Human Services, authorized employees of a managed care organization, as defined in 42 C.F.R. Sec. 438, if: (i) the managed care organization contracts with the Department of Health and Human Services under the provisions of Section 26B-3-202 and the contract includes provisions that: (A) require a managed care organization employee who will have access to information from the database to submit to a criminal background check; and(B) limit the authorized employee of the managed care organization to requesting either the division or the Department of Health and Human Services to conduct a search of the database regarding a specific Medicaid enrollee and to report the results of the search to the authorized employee; and(ii) the information is requested by an authorized employee of the managed care organization in relation to a person who is enrolled in the Medicaid program with the managed care organization, and the managed care organization suspects the person may be improperly obtaining or providing a controlled substance; (h) a licensed practitioner having authority to prescribe controlled substances, to the extent the information: (i)(A) relates specifically to a current or prospective patient of the practitioner; and(B) is provided to or sought by the practitioner for the purpose of:(I) prescribing or considering prescribing any controlled substance to the current or prospective patient;(II) diagnosing the current or prospective patient;(III) providing medical treatment or medical advice to the current or prospective patient; or(IV) determining whether the current or prospective patient: (Aa) is attempting to fraudulently obtain a controlled substance from the practitioner; or(Bb) has fraudulently obtained, or attempted to fraudulently obtain, a controlled substance from the practitioner;(ii)(A) relates specifically to a former patient of the practitioner; and(B) is provided to or sought by the practitioner for the purpose of determining whether the former patient has fraudulently obtained, or has attempted to fraudulently obtain, a controlled substance from the practitioner;(iii) relates specifically to an individual who has access to the practitioner's Drug Enforcement Administration identification number, and the practitioner suspects that the individual may have used the practitioner's Drug Enforcement Administration identification number to fraudulently acquire or prescribe a controlled substance;(iv) relates to the practitioner's own prescribing practices, except when specifically prohibited by the division by administrative rule;(v) relates to the use of the controlled substance database by an employee of the practitioner, described in Subsection (2)(i); or(vi) relates to any use of the practitioner's Drug Enforcement Administration identification number to obtain, attempt to obtain, prescribe, or attempt to prescribe, a controlled substance;(i) in accordance with Subsection (3)(a), an employee of a practitioner described in Subsection (2)(h), for a purpose described in Subsection (2)(h)(i) or (ii), if: (i) the employee is designated by the practitioner as an individual authorized to access the information on behalf of the practitioner;(ii) the practitioner provides written notice to the division of the identity of the employee; and(iii) the division: (A) grants the employee access to the database; and(B) provides the employee with a password that is unique to that employee to access the database in order to permit the division to comply with the requirements of Subsection 58-37f-203(7) with respect to the employee;(j) an employee of the same business that employs a licensed practitioner under Subsection (2)(h) if: (i) the employee is designated by the practitioner as an individual authorized to access the information on behalf of the practitioner;(ii) the practitioner and the employing business provide written notice to the division of the identity of the designated employee; and(iii) the division: (A) grants the employee access to the database; and(B) provides the employee with a password that is unique to that employee to access the database in order to permit the division to comply with the requirements of Subsection 58-37f-203(7) with respect to the employee;(k) a licensed pharmacist having authority to dispense a controlled substance, or a licensed pharmacy intern or pharmacy technician working under the general supervision of a licensed pharmacist, to the extent the information is provided or sought for the purpose of: (i) dispensing or considering dispensing any controlled substance;(ii) determining whether a person: (A) is attempting to fraudulently obtain a controlled substance from the pharmacy, practitioner, or health care facility; or(B) has fraudulently obtained, or attempted to fraudulently obtain, a controlled substance from the pharmacy, practitioner, or health care facility;(iii) reporting to the controlled substance database; or(iv) verifying the accuracy of the data submitted to the controlled substance database on behalf of a pharmacy where the licensed pharmacist, pharmacy intern, or pharmacy technician is employed;(l) pursuant to a valid search warrant, federal, state, and local law enforcement officers and state and local prosecutors who are engaged in an investigation related to: (i) one or more controlled substances; and(ii) a specific person who is a subject of the investigation;(m) subject to Subsection (7), a probation or parole officer, employed by the Department of Corrections or by a political subdivision, to gain access to database information necessary for the officer's supervision of a specific probationer or parolee who is under the officer's direct supervision;(n) employees of the Office of Internal Audit within the Department of Health and Human Services who are engaged in their specified duty of ensuring Medicaid program integrity under Section 26B-3-104;(o) a mental health therapist, if: (i) the information relates to a patient who is: (A) enrolled in a licensed substance abuse treatment program; and(B) receiving treatment from, or under the direction of, the mental health therapist as part of the patient's participation in the licensed substance abuse treatment program described in Subsection (2)(o)(i)(A);(ii) the information is sought for the purpose of determining whether the patient is using a controlled substance while the patient is enrolled in the licensed substance abuse treatment program described in Subsection (2)(o)(i)(A); and(iii) the licensed substance abuse treatment program described in Subsection (2)(o)(i)(A) is associated with a practitioner who: (A) is a physician, a physician assistant, an advance practice registered nurse, or a pharmacist; and(B) is available to consult with the mental health therapist regarding the information obtained by the mental health therapist, under this Subsection (2)(o), from the database;(p) an individual who is the recipient of a controlled substance prescription entered into the database, upon providing evidence satisfactory to the division that the individual requesting the information is in fact the individual about whom the data entry was made;(q) an individual under Subsection (2)(p) for the purpose of obtaining a list of the persons and entities that have requested or received any information from the database regarding the individual, except if the individual's record is subject to a pending or current investigation as authorized under this Subsection (2);(r) the inspector general, or a designee of the inspector general, of the Office of Inspector General of Medicaid Services, for the purpose of fulfilling the duties described in Title 63A, Chapter 13, Part 2, Office and Powers;(s) the following licensed physicians for the purpose of reviewing and offering an opinion on an individual's request for workers' compensation benefits under Title 34A, Chapter 2, Workers' Compensation Act, or Title 34A, Chapter 3, Utah Occupational Disease Act: (i) a member of the medical panel described in Section 34A-2-601;(ii) a physician employed as medical director for a licensed workers' compensation insurer or an approved self-insured employer; or(iii) a physician offering a second opinion regarding treatment;(t) members of Utah's Opioid Fatality Review Committee, for the purpose of reviewing a specific fatality due to opioid use and recommending policies to reduce the frequency of opioid use fatalities;(u) a licensed pharmacist who is authorized by a managed care organization as defined in Section 31A-1-301 to access the information on behalf of the managed care organization, if: (i) the managed care organization believes that an enrollee of the managed care organization has obtained or provided a controlled substance in violation of a medication management program contract between the enrollee and the managed care organization; and(ii) the managed care organization included a description of the medication management program in the enrollee's outline of coverage described in Subsection 31A-22-605(7); and(v) the Utah Medicaid Fraud Control Unit of the attorney general's office for the purpose of investigating active cases, in exercising the unit's authority to investigate and prosecute Medicaid fraud, abuse, neglect, or exploitation under 42 U.S.C. Sec. 1396b(q).(3)(a) A practitioner described in Subsection (2)(h) may designate one or more employees to access information from the database under Subsection (2)(i), (2)(j), or (4)(c).(b) The division shall make rules, in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, to: (i) establish background check procedures to determine whether an employee designated under Subsection (2)(i), (2)(j), or (4)(c) should be granted access to the database;(ii) establish the information to be provided by an emergency department employee under Subsection (4); and(iii) facilitate providing controlled substance prescription information to a third party under Subsection (5).(c) The division shall grant an employee designated under Subsection (2)(i), (2)(j), or (4)(c) access to the database, unless the division determines, based on a background check, that the employee poses a security risk to the information contained in the database.(4)(a) An individual who is employed in the emergency department of a hospital may exercise access to the database under this Subsection (4) on behalf of a licensed practitioner if the individual is designated under Subsection (4)(c) and the licensed practitioner: (i) is employed or privileged to work in the emergency department;(ii) is treating an emergency department patient for an emergency medical condition; and(iii) requests that an individual employed in the emergency department and designated under Subsection (4)(c) obtain information regarding the patient from the database as needed in the course of treatment.(b) The emergency department employee obtaining information from the database shall, when gaining access to the database, provide to the database the name and any additional identifiers regarding the requesting practitioner as required by division administrative rule established under Subsection (3)(b).(c) An individual employed in the emergency department under this Subsection (4) may obtain information from the database as provided in Subsection (4)(a) if:(i) the employee is designated by the hospital as an individual authorized to access the information on behalf of the emergency department practitioner;(ii) the hospital operating the emergency department provide written notice to the division of the identity of the designated employee; and(iii) the division: (A) grants the employee access to the database; and(B) provides the employee with a password that is unique to that employee to access the database.(d) The division may impose a fee, in accordance with Section 63J-1-504, on a practitioner who designates an employee under Subsection (2)(i), (2)(j), or (4)(c) to pay for the costs incurred by the division to conduct the background check and make the determination described in Subsection (3)(b).(5)(a)(i) An individual may request that the division provide the information under Subsection (5)(b) to a third party who is designated by the individual each time a controlled substance prescription for the individual is dispensed.(ii) The division shall upon receipt of the request under this Subsection (5)(a) advise the individual in writing that the individual may direct the division to discontinue providing the information to a third party and that notice of the individual's direction to discontinue will be provided to the third party.(b) The information the division shall provide under Subsection (5)(a) is:(i) the fact a controlled substance has been dispensed to the individual, but without identifying the controlled substance; and(ii) the date the controlled substance was dispensed.(c)(i) An individual who has made a request under Subsection (5)(a) may direct that the division discontinue providing information to the third party.(ii) The division shall: (A) notify the third party that the individual has directed the division to no longer provide information to the third party; and(B) discontinue providing information to the third party.(6)(a) An individual who is granted access to the database based on the fact that the individual is a licensed practitioner or a mental health therapist shall be denied access to the database when the individual is no longer licensed.(b) An individual who is granted access to the database based on the fact that the individual is a designated employee of a licensed practitioner shall be denied access to the database when the practitioner is no longer licensed.(7) A probation or parole officer is not required to obtain a search warrant to access the database in accordance with Subsection (2)(m).(8) The division shall review and adjust the database programming which automatically logs off an individual who is granted access to the database under Subsections (2)(h), (2)(i), (2)(j), and (4)(c) to maximize the following objectives: (a) to protect patient privacy;(b) to reduce inappropriate access; and(c) to make the database more useful and helpful to a person accessing the database under Subsections (2)(h), (2)(i), (2)(j), and (4)(c), especially in high usage locations such as an emergency department.(9) Any person who knowingly and intentionally accesses the database without express authorization under this section is guilty of a class A misdemeanor.Amended by Chapter 329, 2023 General Session ,§ 23, eff. 5/3/2023.Amended by Chapter 315, 2021 General Session ,§ 1, eff. 5/5/2021.Amended by Chapter 104, 2021 General Session ,§ 1, eff. 5/5/2021.Amended by Chapter 339, 2020 General Session ,§ 49, eff. 5/12/2020.Amended by Chapter 147, 2020 General Session ,§ 2, eff. 5/12/2020.Amended by Chapter 107, 2020 General Session ,§ 12, eff. 5/12/2020.Amended by Chapter 123, 2018 General Session ,§ 2, eff. 5/8/2018.Amended by Chapter 237, 2017 General Session ,§ 2, eff. 5/9/2017.Amended by Chapter 5, 2016SP3 General Session ,§ 1, eff. 10/31/2016.Amended by Chapter 104, 2016 General Session ,§ 2, eff. 10/31/2016.Amended by Chapter 238, 2016 General Session ,§ 20, eff. 5/10/2016.Amended by Chapter 197, 2016 General Session ,§ 1, eff. 5/10/2016.Amended by Chapter 89, 2015 General Session ,§ 2, eff. 7/1/2015.Amended by Chapter 336, 2015 General Session ,§ 5, eff. 5/12/2015.Amended by Chapter 326, 2015 General Session ,§ 2, eff. 5/12/2015.Amended by Chapter 401, 2014 General Session ,§ 1, eff. 5/13/2014.Amended by Chapter 68, 2014 General Session ,§ 1, eff. 5/13/2014.Amended by Chapter 262, 2013 General Session ,§ 25, eff. 5/14/2013.Amended by Chapter 130, 2013 General Session ,§ 2, eff. 5/14/2013.Amended by Chapter 12, 2013 General Session ,§ 1, eff. 3/12/2013.Amended by Chapter 239, 2012 General Session ,§ 2, eff. 5/8/2012.Amended by Chapter 174, 2012 General Session ,§ 1, eff. 5/8/2012.Amended by Chapter 38, 2011 General Session
Amended by Chapter 151, 2011 General Session
Amended by Chapter 226, 2011 General Session