Aug 21, 2019

Four Steps to Comply with EPCS Mandates—for Individual Practitioners

Updated August 3, 2023  |  Published August 21, 2019 by Helen Farnen

Graphic of 1 healthcare customer pointing to a phone prescription

Deadlines are around the corner

Using an electronic prescription tool is more than an efficient way to write prescriptions, it’s also an important weapon in the fight to prevent drug overdoses. In fact, e-prescribing is part of the federal “Every Prescription Conveyed Securely” mandate that takes effect in 2021.

And more than half of states have mandates that have either taken effect or will take effect soon. It can take time to do what’s needed to comply with the mandates. Beginning the process now helps you stay ahead of the deadlines.

Getting started

The following shows the steps for individual practitioners, such as solo and small group practices. You fit into this category if your practice is registered to an individual DEA number.

Step 1. Confirm your EHR software is EPCS certified

The easiest way is to check with your EHR vendor. Or you can have a qualified-third party audit your application or have your application reviewed and certified by an approved certification group.

Step 2. Prove your identity

Either online or in-person, connect with an approved credentialing service provider or a certification authority company that works with your EHR vendor. You’ll need to show your medical license and a government-issued document with your photo. You may also have to provide proof of your mailing address, such as a utility bill. For online proofing, scan and email these documents.

Step 3. Create your two-factor authentication

A two-factor authentication ensures that only you can sign and send the controlled substance prescription to a pharmacy. You can use a hard or soft token (explained later). For example, a username and password along with a six-digit personalized identification number (PIN).

Step 4. Establish secure access

Two people are needed to set up secure access controls for EPCS:

  1. A DEA registrant who has been ID-proofed and created two-factor authentication. This could be you.
  2. Someone who can confirm your identity. This could be someone in your practice, but they are not required to work in your practice.

How does the two-factor authentication work?

When prescribing controlled substances, you’ll be required to authenticate the prescription by providing two of three factors:

  1. Something you know, such as a username and password.
  2. Something you have, such as a token.
  3. Something you are, for example, a biometric identifier or a customized PIN.

Want to know more? Visit the frequently asked questions on the DEA website.

What’s a token?

Tokens take two forms. A hard token is a cryptographic key stored on a hardware device (such as a fob, smart card, USB drive, or one-time password device). A soft token is a one-time password that’s generated from a device, such as a smartphone or tablet.

Act now to be ready for the mandates

As you can see, it can take time to complete each required step. So, it makes sense to start now. Then once you’ve completed the process, you’re able to legally, securely, and conveniently e-prescribe controlled substances.

To learn how our EPCS-certified solutions can improve your business, check out the guide, contact us at (800) 943-7968 option 3, email [email protected], or fill out a form at the link below.

Learn More

Ready to improve your practice?

See why our integrated, award-winning healthcare software is the right fit for your medical practice! Since 1999, we've developed certified, cloud-based Electronic Health Records (EHR) with Patient Portal, E-Prescribing (eRx), and Practice Management with Medical Billing and Scheduling.

Scroll to Top