Access to patient information
A patient’s health care providers and pharmacists may request information from the PDMP system to evaluate the need for treatment or to provide treatment. Additionally, personal information in the database is destroyed after three years, so your health care providers can only see three years of your prescription history.
Law enforcement can only obtain a copy of a patient’s PDMP record with a valid court order. Law enforcement does not have access to the data in the system.
The PDMP staff will conduct auditing activities to monitor for unusual and potentially unauthorized use of the system. When the Oregon Health Authority (OHA) learns of or suspects unauthorized access to the system or system data, the OHA will investigate.
Suspected unauthorized access
A patient may send written notification to the OHA if he or she believes unauthorized access to his or her information has occurred. The notification shall include: the patient’s name, who the patient suspects gained unauthorized access to the patient’s information, what information is suspected to have been accessed by an unauthorized use, when the suspected unauthorized access occurred, and why the patient suspects the access was unauthorized. The OHA shall investigate each notification of suspected unauthorized access.
The department shall notify the Oregon Attorney General and each affected individual of an improper disclosure of information from the prescription monitoring program. In addition to any other penalty provided by law, the Attorney General may impose a civil penalty not to exceed $10,000 for each violation of the PDMP statute. Each improper release of information from the prescription monitoring program is a separate violation.
In the event of a violation of the PDMP statute, the individual injured may bring a civil action against the person or entity that made the violation and may recover damages in the amount of $1,000 or actual damages, whichever is greater.