Section R4-23-502. Requirements for Data Format and Transmission  


Latest version.

All data is extracted from pdf, click here to view the pdf.

  • A.      Each dispenser shall submit to the Board or its designee by electronic means information regarding each prescription dis- pensed for a controlled substance listed in Schedules II, III, and IV of A.R.S. Title 36, Chapter 27, the Arizona Uniform Controlled Substances Act. The information reported shall conform to the August 31, 2005 Version 003, Release 000 ASAP Rules-based Standard Implementation Guide for Pre- scription Monitoring Programs published by the American Society for Automation in Pharmacy as specified in A.R.S. § 36-2608(B). The information submitted for each prescription shall include:

    1.        The name, address, telephone number, prescription num- ber, and DEA registration number of the dispenser;

    2.        The name, address, gender, date of birth, and telephone number of the person or, if for an animal, the owner of the animal for whom the prescription is written;

    3.        The name, address, telephone number, and DEA registra- tion number of the prescribing medical practitioner;

    4.        The quantity and National Drug Code (NDC) number of the Schedule II, III, or IV controlled substance dispensed;

    5.        The date the prescription was dispensed;

    6.        The number of refills, if any, authorized by the medical practitioner;

    7.        The date the prescription was issued;

    8.        The method of payment identified as cash or third party; and

    9.        Whether the prescription is new or a refill.

    B.       A dispenser shall submit the required information electroni- cally unless the Board or its designee approves a waiver as specified in subsection (D).

    C.      A dispenser's electronic data transfer equipment including hardware, software, and internet connections shall meet the privacy and security standards of the Health Insurance Porta- bility and Accountability Act (HIPAA) of 1996, as amended, and A.R.S. § 12-2292, in addition to common internet industry standards for privacy and security. A dispenser shall ensure that each electronic transmission meets the following data pro- tection requirements:

    1.        Data shall be at least 128-bit encryption in transmission and at rest; and

    2.        Data shall be transmitted via secure e-mail, telephone modem, diskette, CD-ROM, tape, secure File Transfer Protocol (FTP), Virtual Private Network (VPN), or other Board-approved media.

    D.      A dispenser who does not have an automated recordkeeping system capable of producing an electronic report in the Board established format may request a waiver from electronic reporting by submitting a written request to the Board or its designee. The Board or its designee shall grant the request if the dispenser agrees in writing to report the data by submitting a completed universal claim form supplied by the Board or its designee.

    E.       Unless otherwise approved by the Board, a dispenser shall report by the close of business on each Friday the required information for the previous week, Sunday through Saturday. If a Friday falls on a state holiday, the dispenser shall report the information on the following business day. The Board or its designee may approve a less frequent reporting period if a dispenser makes a showing that a less frequent reporting period will not reduce the effectiveness of the system or jeop- ardize the public health.

Historical Note

Former Rule 5.2510. Amended by final rulemaking at 8

A.A.R. 4898, effective January 5, 2003 (Supp. 02-4). Recodified to R4-23-802 at 9 A.A.R. 4011, effective August 18, 2003 (Supp. 03-3). New Section made by

final rulemaking at 14 A.A.R. 3410, effective October 4,

2008 (Supp. 08-3). Section expired under A.R.S. § 41-

1056(J) at 20 A.A.R. 133, effective August 30, 2013 (Supp. 14-1). New Section made by final rulemaking at 20 A.A.R. 1359, effective August 2, 2014 (Supp. 14-2).