Policies
Practitioners Usage Guidelines
Law Enforcement Usage Guidelines
Licensing Board and Compliance Officer Guidelines
Applications are in Adobe Acrobat PDF format. If you do not have Adobe Acrobat, you may download their free reader at http://www.adobe.com/.
Practitioners Utilizing INSPECT
PURPOSE
To ensure the protection of patient confidentiality when using the INSPECT System
SCOPE
This policy applies to all registered Practitioner accountholders.
STATEMENT OF POLICY
Each practitioner granted access to INSPECT holds a position of trust and must preserve the security and confidentiality of the INSPECT data he/she uses. INSPECT practitioners must meet specific eligibility requirements and must abide by all applicable Federal and State guidelines including, but not limited to, IC-35-48-7 and The Health Insurance Portability and Accountability Act of 1996 (HIPAA). The misuse of INSPECT data constitutes a criminal offense and may result in the suspension/revocation of a user’s account access privileges, or, in some cases, action against the offending accountholder’s professional license. Users wishing to reinstate their INSPECT account access privileges must formally petition, and appear before, the Controlled Substances Advisory Committee.
REFERENCE
IC-35-48-7-11.1
USAGE GUIDELINES
1. Establishing an Account: Only health practitioners who are licensed to prescribe or dispense controlled substances in the United States may establish an INSPECT account and request an INSPECT Patient Rx History Report via the PMP WebCenter.
2. Certifying an Agent: A registered accountholder may certify whomever they choose to serve as their agent for purposes of submitting requests to INSPECT; however, any misuse or illicit activity found to be occurring with an account is the sole responsibility of the accountholder.
3. Contents of Report: An INSPECT Patient Rx History Report provides an overview of a patient’s prescription activity over a certain period of time. The information contained in the report is submitted to INSPECT by the dispensing pharmacy within seven (7) days from the date on which the drug was dispensed to the patient. There is often a lag of up to two (2) weeks before the prescription data is available for review on INSPECT. Many prescriptions dispensed on an outpatient basis at hospital pharmacies or doctors’ offices may not be present on INSPECT Rx History Reports.
4. Requesting Report: Health Practitioners may only request reports on patients for whom they are providing treatment or evaluating the need for treatment. This includes patients who have made appointments for an initial office visit or persons who have presented a prescription to a pharmacist. Health Practitioners may not request a report on office/pharmacy staff, prospective employees, or anyone else for whom there is no medical chart/record available on-site for review at the practitioner’s office/pharmacy location.
5. Limited Use of Report: The INSPECT Patient Rx History Report must be used only for purposes of making medical treatment decisions. Users should always take steps to verify that the information contained in the report is accurate. The report should be one factor in a comprehensive assessment of a patient.
6. Sharing Report: The information contained in the INSPECT Patient Rx History Report is privileged medical treatment information and must not be discussed with anyone who is not involved in the direct provision of medical treatment for the patient. Practitioners may contact other health providers to discuss the care of a mutual patient. If another provider wishes to have a copy of the INSPECT Patient Rx History Report, they should establish an account and submit a request for their own copy of the report. The report, or the contents of the report, should never be faxed, mailed, emailed or otherwise disseminated. Practitioners must also not provide a copy of the INSPECT report to the patient. On matters related to the sharing of an INSPECT Patient Rx History Report with law enforcement, please consult with the appropriate professional association for additional guidance.
7. Storing Report: If the INSPECT Patient Rx History Report is stored along with a patient’s other medical records, it must be clearly marked “Do Not Copy.” It should never be included when sending a patient’s medical records to another health provider.
8. Role of INSPECT Staff: Practitioners will not receive confidential prescription information from INSPECT staff over the phone. Practitioners should not expect INSPECT Staff to serve in a liaison role between themselves and law enforcement.
Law Enforcement Utilizing INSPECT
PURPOSE
To ensure the protection of patient and practitioner confidentiality when law enforcement users access INSPECT data.
SCOPE
This policy applies to all registered law enforcement accountholders.
STATEMENT OF POLICY
Each member of federal, state, or local law enforcement granted access to INSPECT holds a position of trust and must preserve the security and confidentiality of the INSPECT data he/she uses. INSPECT law enforcement users must meet specific eligibility requirements and must abide by all applicable Federal and State guidelines including, but not limited to, IC-35-48-7 and The Health Insurance Portability and Accountability Act of 1996 (HIPAA). INSPECT users must also utilize the system in accordance with CSAC-approved usage guidelines. Misuse of INSPECT data constitutes a criminal offense and may result in the suspension/revocation of the user’s account access privileges. Users wishing to reinstate their suspended/revoked INSPECT account access privileges must formally petition, and appear before, the Controlled Substances Advisory Committee (CSAC).
REFERENCES
IC-35-48-7-11.1
USAGE GUIDELINES
1. Establishing an INSPECT Account: All local, state and federal law enforcement officers are eligible for INSPECT accounts. This includes sworn officers, prosecutors, county coroners, Board of Pharmacy/Controlled Substance Advisory Committee (CSAC) compliance officers, and investigators affiliated with the Indiana Attorney General.
2. Contents of Report: An INSPECT Patient or Practitioner Rx History Report provides an overview of a patient or practitioner’s prescription activity for a specific period of time. The information contained in the report is submitted to INSPECT by the dispensing pharmacy within seven (7) days from the date on which the drug was dispensed to the patient. There is often a lag of up to two (2) weeks before the prescription data is available for review on INSPECT. Many prescriptions dispensed on an outpatient basis at hospital pharmacies or doctors’ offices may not be present on INSPECT Rx History Reports.
3. Requesting a Report: A law enforcement user is authorized to request an INSPECT Rx Report if:
a) The law enforcement user is currently engaged in an active, ongoing investigation pertaining to the subject of the request; and
b) The investigation involves controlled substances.
Law enforcement users may not request an INSPECT Report for any purpose other than to assist in an active, ongoing investigation pertaining to controlled substances. Misuse includes, but is not limited to, requesting an INSPECT Report to aid in the search for a fugitive, to track a parolee, to hold an arrestee, or to bolster a tax evasion case.
Law enforcement users are also not permitted to request an INSPECT Report based solely on the contents or findings of another INSPECT Report.
4. Case Identifier: Law Enforcement users must include a case number with every Patient or Practitioner Rx History Report request issued to INSPECT.
5. Limited Use of Report: An INSPECT Rx History Report is not evidence. It is a tool intended to make the evidence gathering process more efficient. And the contents of the report must be thoroughly verified and reviewed before any formal action is taken against the subject of the INSPECT report.
6. Sharing Report: The information contained in the INSPECT Patient Rx History Report is privileged medical treatment information and must not be discussed with anyone who is not involved in an active, ongoing investigation of the patient/practitioner for whom the report was generated. Law enforcement users working within the same agency/office may share reports; however, if law enforcement personnel from outside the agency/office wish to obtain a copy of the report, they should establish an account with INSPECT and submit a request for their own copy of the report. The report, or the contents of the report, should never be faxed, mailed, emailed or otherwise disseminated. The report should also never be given directly to the patient/practitioner for whom the report was generated.
7. Storing Report: If the INSPECT Patient Rx History Report is stored by law enforcement within an office/agency location, it must be clearly marked “Do Not Copy.”
8. Role of INSPECT Staff: INSPECT will never provide prescription information to members of Law Enforcement over the phone. As INSPECT staff has no personal or prior knowledge of the contents of INSPECT Rx History Reports, they should never be subpoenaed or formally called upon by law enforcement to examine, explain, interpret, or otherwise participate in the evaluation of an INSPECT Rx History Report.
9. Misuse/Misconduct: The misuse of INSPECT data constitutes a criminal offense and may result in the suspension/revocation of a user’s account access privileges. Law enforcement users wishing to reinstate their INSPECT account access privileges must formally petition, and appear before, the Controlled Substances Advisory Committee.
Licensing Boards Utilizing INSPECT
PURPOSE
To ensure that professional licensing boards, board members, and board directors fully validate INSPECT materials and meet a reasonable investigatory standard before they utilize INSPECT materials for board-related matters.
SCOPE
This policy applies to all Board of Pharmacy/Controlled Substances Advisory Committee (CSAC) compliance officers, professional licensing boards, board members, and board directors
STATEMENT OF POLICY
According to IC-35-48-7-11.1, the INSPECT Program may release confidential patient information to professional licensing boards, provided the board is engaged in an investigation, adjudication, or prosecution of a violation under a state or federal law pertaining to controlled substances. However, it is not INSPECT’s policy to extend individual account access privileges to boards, board members or board directors. Should a board require an INSPECT report for a specific licensee, they must issue a formal request to the applicable Board of Pharmacy/CSAC compliance officer, depending on the geographic location of the licensee, and use the system in accordance with approved board request procedures (see below).
Individual board members are still permitted to establish practitioner or law enforcement accounts with INSPECT should they want and qualify for one. However, any INSPECT Patient/Practitioner Rx History Report generated from an individual board member’s own INSPECT account cannot be used for board-related purposes.
REFERENCES
IC-35-48-7-11.1
BOARD REQUEST PROCEDURES
- Initiating an Investigation on a Licensee: If a licensing board seeks to obtain INSPECT records for a particular licensee, they must first submit a formal request to a Pharmacy/CSAC Compliance Officer.
- Meeting Reasonable Investigatory Standard: The Compliance Officer will then proceed to collect additional information related to the matter, begin a case file, and, if warranted, generate an INSPECT Report. The primary role of the Compliance Officer is evidence-gathering and validation.
- Validation of INSPECT Report: Because INSPECT cannot guarantee the veracity of the information contained in the INSPECT Report, a Compliance Officer, upon receipt of the INSPECT Report, must take steps to validate the contents of the report.
- Review by Board/Board Designee: Once the contents of the INSPECT Report have been fully validated, the INSPECT Report may be reviewed by the Board and/or the Board Designee.
Staff Confidentiality & Security
PURPOSE
To establish standards for the conduct of INSPECT staff as it relates to protecting confidential patient information and storing and retaining sensitive documents and media.
SCOPE
This policy applies to staff of the Indiana Scheduled Electronic Collection and Tracking (INSPECT) Program.
STATEMENT OF POLICY
Given the sensitive nature of daily operational activities at INSPECT, all INSPECT staff are expected to meet strict confidentiality and security standards, including applicable Indiana laws and Federal HIPAA Standards. The staff must not share or discuss details of any INSPECT - specific activities, whether of a technical or non-technical nature, with persons not currently employed by INSPECT or the Professional Licensing Agency. This includes, but is not limited to, sharing or discussing details pertaining to patient medical treatment histories; sharing or discussing details related to INSPECT software functionalities; or sharing or discussing sensitive internal procedural matters. Egregious disregard for the confidentiality and security policy will result in disciplinary action commensurate with the offense.
PROCEDURES
1. Requesting Patient/Practitioner Information: INSPECT Staff may submit requests on the PMP Manager/WebCenter to review information referenced by a user, or to evaluate/test the technical performance of the PMP Manager/WebCenter. Any other type of request constitutes a violation of the security and confidentiality policy.
2. Media Storage/Retention: INSPECT will store and secure all diskettes, CDs and other forms of media received by reporting pharmacies for a period of no longer than two calendar years. After two years, the media will be destroyed by a third-party vendor.
The Media Retention Schedule and Storage Guidelines are as follows:
|
Media Type |
Storage Location |
Precautions |
Retention Period |
|
Pharmacy Profile Sheets |
In Profile Sheets File |
None |
Perpetuity |
|
Compliance Files |
In File Cabinet |
Locked |
Perpetuity |
|
Certified Mail Receipts |
In Compliance File (if applicable) |
None |
Perpetuity |
|
Zero Reports |
None |
None |
Shred after logging |
|
Patient Rx History Reports |
In Compliance Files (if applicable) |
Locked |
Perpetuity (Shred immediately if not part of compliance folder) |
|
DEA 106 Forms |
In Theft & Loss File |
None |
Shred every 3 months |
|
Error Resubmission Forms |
In Error Resubmission File |
None |
Shred every 3 months |
|
Pharmacy Diskettes |
In Overhead Bin |
Locked |
Destroy every 3 months |
|
Pharmacy CD-Roms |
In Overhead Bin |
Locked |
Destroy every 3 months |
|
DEA CD-Roms |
In Overhead Bin |
Locked |
Destroy Oldest Iteration |
|
Melissa Data CD-Roms |
None |
None |
Send to IOT for uploading |
|
Error Reports |
In Compliance File (if applicable) |
Locked |
Perpetuity (Shred immediately if not part of compliance folder) |
|
Request Reports |
In Compliance File (if applicable) |
Locked |
Perpetuity (Shred immediately if not part of compliance folder) |
|
Exemption Forms |
In Exemption File |
None |
Perpetuity |
|
New Store & Change of Ownership Form |
None |
None |
Shred after logging |
|
Store Closure Forms |
None |
None |
Shred after logging |
