PMP Audits, Appropriate Access and Patient Access

MODEL STATE LEGISLATION

Prescription Monitoring Program Audits, Appropriate Access, And Patient Access

Prescription monitoring program accountability and transparency.

Subdivision 1. Random audits.
The board shall conduct random audits, on at least a quarterly basis, of electronic access by permissible users, to ensure compliance with permissible use as defined in this section. A permissible user whose account has been selected for a random audit shall respond to an inquiry by the board, no later than 30 days after receipt of notice that an audit is being conducted. Failure to respond may result in deactivation of access to the electronic system and referral to the appropriate health licensing board, or the commissioner of human services, for further action. The board shall report the results of random audits to the chairs and ranking minority members of the legislative committees with jurisdiction over health and human services policy and finance and government data practices.

Subdivision 2. Appropriate access by delegates.
A permissible user who has delegated the task of accessing the data to an agent or employee shall audit the use of the electronic system by delegated agents or employees on at least a quarterly basis to ensure compliance with permissible use as defined in this section. When a delegated agent or employee has been identified as inappropriately accessing data, the permissible user must immediately remove access for that individual and notify the board within seven days. The board shall notify all permissible users associated with the delegated agent or employee of the alleged violation.

Subdivision 3. Removal of access upon termination of employment.
A permissible user who delegates access to the data to an agent or employee shall terminate that individual's access to the data within three business days of the agent or employee leaving employment with the permissible user. The board may conduct random audits to determine compliance with this requirement.

Subdivision 4. Patient information on record access.
A patient who has been prescribed a controlled substance may access the prescription monitoring program database in order to obtain information on access by permissible users to the patient's data record, including the name and organizational affiliation of the permissible user and the date of access. The board must release a minimum of 12 months of data, or the entire time period stored in the database, whichever is greater. In order to obtain this information, the patient must complete, notarize, and submit a request form developed by the board. The board shall make this form available to the public on the board's website.

 

view pdf