Mo. Code Regs. Ann. tit. 20, § 2220-2.300
Record Confidentiality and Disclosure
Effective Aug 28, 2006sections 338.100, 338.140 and 338.280, RSMo 2000.* This rule originally filed as 4 CSR 220-2.300. Original rule filed May 4, 1995, effective Dec. 30, 1995. Rescinded and readopted: Filed Nov. 1, 2000, effective June 30, 2001. Amended: Filed Dec. 15, 2003, effective July 30, 2004. Moved to 20 CSR 2220-2.300, effective Aug. 28, 2006. *Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999; 338.140, RSMo 1939, amended 1981, 1989, 1997; 338.280, RSMo 1951, amended 1971, 1981State Board of Pharmacy
PURPOSE: This rule establishes requirements for the confidentiality and disclosure of records related to patient care.
- (1) Prescription records, physician orders and other records related to any patient care or medical condition(s) of a patient that are maintained by a pharmacy in accordance with section 338.100, RSMo shall be considered confidential. Adequate security shall be maintained over such records in order to prevent any indiscriminate or unauthorized use of any written, electronic or verbal communications of confidential information.
(2) Confidential records shall not be released to anyone except—
- (A) The patient;
- (B) A health care provider involved in treatment activities of the patient;
- (C) Lawful requests from a court or grand jury;
- (D) A person authorized by a court order;
- (E) Any other person or entity authorized by a patient to receive such information;
- (F) For the transfer of medical or prescription information between pharmacists as provided by law;
- (G) Government agencies acting within the scope of their statutory authority; or
- (H) A person or entity to whom such information may be disclosed under 45 CFR Parts 160, 164 and 165 (the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996).
- (3) This rule does not change or otherwise alter the authority of the board, its inspectors or other authorized designees to review, inspect, copy or take possession of any such records.
- (4) Methods to access, transmit, store, analyze, or purge confidential information shall be implemented using procedures generally recognized as secure by experts qualified by training and experience. Procedures shall be in place to ensure that purged confidential information cannot be misused or placed into active operation without appropriate authorization as provided in this rule. Internet connectivity or remote access tied directly to systems containing confidential information must be secure as provided for in 4 CSR 220- 2.085(2)(B).
AUTHORITY: sections 338.100, 338.140 and 338.280, RSMo 2000.* This rule originally filed as 4 CSR 220-2.300. Original rule filed May 4, 1995, effective Dec. 30, 1995. Rescinded and readopted: Filed Nov. 1, 2000, effective June 30, 2001. Amended: Filed Dec. 15, 2003, effective July 30, 2004. Moved to 20 CSR 2220-2.300, effective Aug. 28, 2006. *Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999; 338.140, RSMo 1939, amended 1981, 1989, 1997; 338.280, RSMo 1951, amended 1971, 1981.