(a) A pharmacist shall provide adequate security of
prescription drug orders, medication orders, and patient medication
records to prevent indiscriminate or unauthorized access to confidential
health information. If prescription drug orders, requests for refill
authorization, or other confidential health information are not transmitted
directly between a pharmacy and a physician but are transmitted through
a data communication device, confidential health information may not
be accessed or maintained by the operator of the data communication
device unless specifically authorized to obtain the confidential information
by this section.
(b) Confidential records are privileged and may be
released only to:
(1) the patient or the patient's agent;
(2) a practitioner or another pharmacist if, in the
pharmacist's professional judgement, the release is necessary to protect
the patient's health and well being;
(3) the board or to a person or another state or federal
agency authorized by law to receive the confidential record;
(4) a law enforcement agency engaged in investigation
of a suspected violation of Chapter 481 or 483, Health and Safety
Code, or the Comprehensive Drug Abuse Prevention and Control Act of
1970 (21 U.S.C. Section 801 et seq.);
(5) a person employed by a state agency that licenses
a practitioner, if the person is performing the person's official
duties; or
(6) an insurance carrier or other third party payor
authorized by a patient to receive such information.
(c) A pharmacy shall provide written policies and procedures
to prohibit the unauthorized disclosure of confidential records.
|