Mo. Code Regs. Ann. tit. 20, § 2220-2.300
Record Confidentiality and Disclosure
Effective Nov 30, 2019sections 338.100 and 338.280, RSMo 2016, and section 338.140, RSMo Supp. 2019.* This rule originally filed as 4 CSR 220-2.300. Original rule filed May 4, 1995, effective Dec. 30, 1995. Rescinded and readopted: Filed Nov. 1, 2000, effective June 30, 2001. Amended: Filed Dec. 15, 2003, effective July 30, 2004. Moved to 20 CSR 2220-2.300, effective Aug. 28, 2006. Amended: Filed May 13, 2019, effective Nov. 30, 2019. *Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999, 2010, 2016; 338.140, RSMo 1939, amended 1981, 1989, 1997, 2011, 2019; and 338.280, RSMo 1951, amended 1971, 1981State Board of Pharmacy
PURPOSE: This rule establishes requirements for the confidentiality and disclosure of records related to patient care.
- (1) Prescription records, physician orders, and other records related to any patient care or medical condition(s) of a patient that are maintained by a pharmacy in accordance with section 338.100, RSMo shall be considered confidential. Adequate security shall be maintained over such records in order to prevent any indiscriminate or unauthorized use of any written, electronic or verbal communications of confidential information.
(2) Confidential records may only be released to—
- (A) The patient;
- (B) A health care provider involved in treatment activities of the patient;
- (C) Lawful requests from a court or grand jury;
- (D) A person authorized by a court order;
- (E) Any other person or entity authorized by a patient to receive such information;
- (F) For the transfer of medical or prescription information between pharmacists as provided by law;
- (G) Government agencies acting within the scope of their statutory authority; or
- (H) A person or entity to whom such information may be disclosed under 45 CFR Parts 160, 164, and 165 (the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996) or other applicable state/federal law.
- (3) This rule does not change or otherwise alter the authority of the board, its inspectors, or other authorized designees to review, inspect, copy, or take possession of any such records.
- (4) Methods to access, transmit, store, analyze, or purge confidential information shall be implemented using procedures generally recognized as secure by experts qualified by training and experience. Procedures shall be in place to ensure that purged confidential information cannot be misused or placed into active operation without appropriate authorization as provided in this rule. Internet connectivity or remote access tied directly to systems containing confidential information must be secure.
AUTHORITY: sections 338.100 and 338.280, RSMo 2016, and section 338.140, RSMo Supp. 2019.* This rule originally filed as 4 CSR 220-2.300. Original rule filed May 4, 1995, effective Dec. 30, 1995. Rescinded and readopted: Filed Nov. 1, 2000, effective June 30, 2001. Amended: Filed Dec. 15, 2003, effective July 30, 2004. Moved to 20 CSR 2220-2.300, effective Aug. 28, 2006. Amended: Filed May 13, 2019, effective Nov. 30, 2019. *Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999, 2010, 2016; 338.140, RSMo 1939, amended 1981, 1989, 1997, 2011, 2019; and 338.280, RSMo 1951, amended 1971, 1981.