Deadlines are Around the Corner
Using an electronic prescription tool is more than an efficient way to write prescriptions, it’s also an important weapon in the fight to prevent drug overdoses. In fact, e-prescribing is part of the federal “Every Prescription Conveyed Securely” mandate that takes effect in 2021.
And more than half of states have mandates that have either taken effect or will take effect soon. It can take time to do what’s needed to comply with the mandates can take time. Beginning the process now helps you stay ahead of the deadlines.
Your steps will depend on the size of your practice. Most steps are the same; however, there may be some minor differences for multi-provider and institutional practices. You fit into this category if your practice is registered to a shared or institutional DEA number.
Step 1. Confirm Your EHR Software is EPCS-certified
The easiest way is to check with your EHR vendor. Or you can have a qualified-third party audit your application or have your application reviewed and certified by an approved certification group.
This step is the same for both individual and institutional practices.
Step 2. Prove Your Identity
Either online or in-person, connect with an approved credentialing service provider or a certification authority company that works with your EHR vendor. You’ll need to show your medical license and a government-issued document with your photo. You may also have to provide proof of your mailing address, such as a utility bill. For online proofing, scan and email these documents.
If you work at an institutional practice, your health system credentialing office may do this for you. Or, ask for help from your EHR vendor.
Step 3. Create Your Two-Factor Authentication
A two-factor authentication ensures that only you can sign and send the controlled substance prescription to a pharmacy. You can use a hard or soft token (explained later). For example, a username and password along with a six-digit personalized identification number (PIN).
For institutional practices, your credentialing office, IT department, or medical leadership will let you know the type of two-factor authentication approved by your practice.
Step 4. Establish secure access
Two people are needed to set up secure access controls for EPCS:
- A DEA registrant who has been ID-proofed and created two-factor authentication. This could be you.
- Someone who can confirm your identity. This could be someone in your practice, but they are not required to work in your practice.
In the case of institutional practices, your health system’s credentialing office will send a list of practitioners who have completed steps 2 and 3 to your IT department. The IT department will assign EPCS access and permissions to approved practitioners.
How Does the Two-Factor Authentication Work?
When prescribing controlled substances, you’ll be required to authenticate the prescription by providing two of three factors:
- Something you know, such as a username and password.
- Something you have, such as a token.
- Something you are, for example, a biometric identifier or a customized PIN.
Want to know more? Visit the frequently asked questions on the DEA website.
What’s a Token?
Tokens take two forms. A hard token is a cryptographic key stored on a hardware device (such as a fob, smart card, USB drive, or one-time password device). A soft token is a one-time password that’s generated from a device, such as a smartphone or tablet.
Act now to be ready for the mandates
As you can see, it can take time to complete each required step. So, it makes sense to start now. Then once you’ve completed the process, you’re able to legally, securely, and conveniently e-prescribe controlled substances.