Missouri Code of State Regulations
Title 20 - DEPARTMENT OF COMMERCE AND INSURANCE
Division 2220 - State Board of Pharmacy
Chapter 2 - General Rules
Section 20 CSR 2220-2.300 - Record Confidentiality and Disclosure

Universal Citation: 20 MO Code of State Regs 2220-2.300

Current through Register Vol. 49, No. 6, March 15, 2024

PURPOSE: This rule is being amended pursuant to Executive Order 17-03 to remove unnecessary/duplicative rule language and to authorize disclosure of confidential records as allowed by state and federal law.

(1) Prescription records, physician orders and other records related to any patient care or medical condition(s) of a patient that are maintained by a pharmacy in accordance with section 338.100, RSMo shall be considered confidential. Adequate security shall be maintained over such records in order to prevent any indiscriminate or unauthorized use of any written, electronic or verbal communications of confidential information.

(2) Confidential records may only be released to-

(A) The patient;

(B) A health care provider involved in treatment activities of the patient;

(C) Lawful requests from a court or grand jury;

(D) A person authorized by a court order;

(E) Any other person or entity authorized by a patient to receive such information;

(F) For the transfer of medical or prescription information between pharmacists as provided by law;

(G) Government agencies acting within the scope of their statutory authority; or

(H) A person or entity to whom such information may be disclosed under 45 CFR Parts 160, 164 and 165 (the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996) or other applicable state/federal law.

(3) This rule does not change or otherwise alter the authority of the board, its inspectors or other authorized designees to review, inspect, copy or take possession of any such records.

(4) Methods to access, transmit, store, analyze, or purge confidential information shall be implemented using procedures generally recognized as secure by experts qualified by training and experience. Procedures shall be in place to ensure that purged confidential information cannot be misused or placed into active operation without appropriate authorization as provided in this rule. Internet connectivity or remote access tied directly to systems containing confidential information must be secure.

*Original authority: 338.100, RSMo 1939, amended 1971, 1990, 1997, 1999; 338.140, RSMo 1939, amended 1981, 1989, 1997; 338.280, RSMo 1951, amended 1971, 1981.

Disclaimer: These regulations may not be the most recent version. Missouri may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.