Privacy Options Added to Prescription Monitoring Programs
“Prescription Drug Monitoring Programs have great potential to curtail opioid abuse, misuse, and diversion, and granting a variety of interested parties access to PDMP data may further that objective. However, the more entities that can review PDMP information the more important it becomes to develop standards for patient privacy.”
With that statement, members of the National Council of Insurance Legislators added enhancements to its model law to address opioids in the workers’ comp system. The expanded options seek a balanced approach to ensure data privacy.
A majority of states have adopted PDMPs as a way for health care providers to determine what medications their patients are taking. NCOIL last year adopted Best Practices to Address Opioid Abuse, Misuse and Diversion. It addresses how to establish, evaluate, and fund PDMPs that require real-time reporting; create strong evidence-based prescribing standards that recognize one-size-does-not-fit-all and that crack down on so-called “pill mill pain clinics”; promote education among physicians and the public; and encourage treatment and prevention.
NCOIL is comprised of state legislators whose main area of public policy interest is insurance legislation and regulation. At this year’s summer NCOIL meeting in Boston, members of the committees on Health, Long Term Care and Health Retirement Issues, and Workers’ Compensation Insurance unanimously adopted the enhancements to the best practices.
“As states contemplate what privacy options they wish to pursue, legislators should keep in mind that an assurance of confidentiality is crucial to a patient-physician relationship,” the enhancement stated. “Though courts around the country are divided as to whether state efforts to regulate controlled substances outweigh a need for patient privacy, legislators should consider whether it is appropriate to in some way limit what entities other than the physician have a right to know about a person’s medical conditions and treatment.”
The enhancement calls for safeguards to be clearly stated in statutes and regulations “to avoid confusion and to help empower state officials to take action as needed.”
The potential safeguards are:
- Making PDMP data confidential and excluding it from open records or public records laws.
- Explicitly requiring PDMP administering agencies to adopt policies and procedures that reasonably assure that only those who are legally authorized to access the database actually do so.
- Imposing appropriate legal penalties and administrative sanctions such as actions against someone’s license for violations and ensuring that the penalties/sanctions are enforced.
- Specifying who is authorized to access the data and for what purpose.
- Implementing detailed authentication procedures to verify that a user is qualified to access the PDMP pursuant to state law.