Delaware PDMP Data Request

To Whom it May Concern,

Northeastern University’s School of Social Justice and Health Equity is interested in the state’s prescription monitoring program, the DelawarePMP. Specifically, we want to learn more about law enforcement access to the database, the use of an algorithm that produces a risk assessment score to analyze its contents, and the data access and retention rules governing the system. We understand the algorithm was produced by the corporation Appriss Health.

In order to permit the public to understand how the Office of Controlled Substances (OCS) in the Delaware Division of Professional Regulation is using the DelawarePMP, and how it impacts public health and civil liberties in Delaware, Northeastern University’s Health in Justice Action Lab is making this request under the Delaware Freedom of Information Act § 100001 et seq., for the following records:

1. Any and all records reflecting an agreement for purchase, acquisition, or licensing of, or permission to use, test, or evaluate Appriss’s systems or services, including any product or service offered;

2. Any and all memoranda of understanding between the Office of Controlled Substances (OCS) in the Delaware Division of Professional Regulation and any outside entity regarding the DelawarePMP;

3. Any and all records including information about the algorithm that determines risk scores in the DelawarePMP, including but not limited to its source code, developer documentation, and operator manuals (e.g. NarxScore, Overdose Risk Score);

4. Any and all research, technical reports, or internal audits that define and/or evaluate the DelawarePMP effectiveness or performance;

5. Any and all research, technical reports, or internal audits that evaluate the Appriss risk assessment tool’s effectiveness or performance;

6. Any document containing a full list of the data fields in the DelawarePMP;

7. Any and all records of de-identified red flag algorithm outputs (e.g. provider red flag, pharmacy red flag, 40 MED red flag) and patient behavioral red flags (e.g., anxious patient demeanor, distance between prescriber and dispenser) with prescriber/dispenser training documentation on how to address the red flags;

8. Any record showing the number of patients in the DelawarePMP by quarter and year (2006-present);

9. Any record showing the number of prescribers and pharmacists in the DelawarePMP by quarter and year (2006-present);

10. Any and all records containing Office of Controlled Substances (OCS) in the Delaware Division of Professional Regulation analysis of whether and/or how the DelawarePMP has impacted public health in Delaware (e.g. decrease or increase in overdose rates, “doctor shopping,” prescribing volume, etc.) over time;

11. Any and all records 2006-present of notification to law enforcement about information in the DelawarePMP Medical Review Group or other channels, including but not limited to how many times law enforcement agencies have been notified about information in the DelawarePMP, and which agencies have been notified;

12. Any and all internal policy, memoranda, and/or training documentation describing how entities outside of Office of Controlled Substances (OCS) in the Delaware Division of Professional Regulation , including law enforcement, may obtain access to information in the DelawarePMP, including but not limited to the rules, regulations, and procedures of the Medical Review Group;

13. The legal authorization for sharing DelawarePMP information with the law enforcement entities; and

14. Any and all records showing how often law enforcement entities or individuals have requested information or records from the DelawarePMP, or made electronic queries of the system, including but not limited to what types of information or records have been requested, which agencies have made the requests, the percent of requests that were accepted versus denied, temporal trends, the form of the request (e.g. subpoena, warrant, etc.), and whether the requests were granted or denied.

Because this request involves a matter of public concern and because it is made on behalf of a nonprofit organization, we ask that you waive any fees. If you decide not to waive fees, we request that you permit us to examine, at our election, the responsive documents before deciding which portions to transmit. We prefer the documents in electronic format.

Should you determine that some portion of the documents requested are exempt from disclosure, please release any reasonably segregable portions that are not exempt. In addition, please note the applicable statutory exemption and explain why it applies to the redacted portions. As you know, a custodian of public records shall comply with a request within 15 days after receipt.

Thank you for your assistance. We look forward to your response.

Sincerely,
Sarah Seymour