Iowa Admin. Code r. 657-37.17 - Integrated systems
A
(1) The integrated system shall log each
user's access to PMP information. Access logs shall be retained by the
practitioner , health care system , or pharmacy for a minimum of four years from
the date of access and shall be provided to the board upon request.
(2) If the user identified in access logs is
not the practitioner , the integrated system shall clearly identify on which
practitioner 's behalf the user was accessing PMP information. A practitioner 's
delegate using an integrated system is required to maintain active PMP
registration.
(3) The integrated
system shall maintain appropriate administrative, technical, and physical
security measures to safeguard against unauthorized access, disclosure, or
theft of PMP information and shall meet all HIPAA requirements for safeguarding
protected health information.
(4)
The practitioner , health care system , or pharmacy shall notify the PMP
administrator of any breach in the electronic health record system that may
have included PMP information within 72 hours of making the determination that
a breach occurred.
(5) An
integrated system shall comply with all requirements in subchapter VI of Iowa
Code chapter 124 and all requirements of this chapter.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.