Primer on Secure Electronic Prescribing for Controlled Substances


This is the first in a series of blog posts about secure electronic prescribing in which we will offer insight, analysis and best practices for secure e-Prescribing, focused on the impact to clinical workflows, the technology requirements and the state/federal regulatory landscape.

Adoption of electronic prescribing is on the rise, with more than 700 million new prescriptions written electronically in 2012. The benefits of e-Prescribing have been well-documented—increased accuracy, improved patient safety and reduced costs.

To ensure the security and accuracy of e-Prescribing, various regulatory requirements have been implemented at both the state and federal level mandating the use of more sophisticated security measures when prescribing medication electronically. For example, the Ohio Board of Pharmacy requires two-factor authentication for care providers who prescribe or order medications through e-Prescribing or computerized physician order entry (CPOE).

The Ohio Board of Pharmacy was the first state to require a second-factor authentication when prescribing or ordering medications. However, e-Prescribing of controlled substances as defined by the Drug Enforcement Agency (DEA) has not been allowed. In 2010 this changed when the DEA finalized its rule allowing controlled substances to be prescribed electronically if specific criteria are met by all parties participating in e-Prescribing.

Since the DEA final rule was adopted, the boards of pharmacy in 44 states have since passed regulations allowing electronic prescribing of controlled substances (EPCS). The DEA also requires that both the electronic medical records (EMR) system and the pharmacy systems be certified for EPCS.

Today, Epic, Cerner and several other EMR vendors are certified, as are many pharmacy systems, allowing more than 12,000 pharmacies across the U.S. to accept prescriptions for controlled substances that were ordered electronically.

To satisfy the DEA requirements and enable EPCS, two-factor authentication technology is required. The DEA’s rule stipulates that signing a prescription for a controlled substance requires two-factor authentication. This includes a combination of something only the provider knows (such as a password), something the provider is (such as a fingerprint or biometric data), and/or something the provider has (such as a token). 

Now that these barriers to EPCS have been addressed, we expect to see an increase in adoption of e-Prescribing of controlled substances. In particular, we are watching New York State, where lawmakers have passed legislation known as I-STOP (Internet System for Tracking Over-Prescribing). I-STOP is designed to more effectively track patterns of potential prescription misuse, and among its mandates, the law requires that by March 2015, all prescriptions issued in the state of New York must be done so electronically, including prescriptions for controlled substances.

New York should serve as a bellwether that will indicate the long-term patient safety and clinical workflow benefits to EPCS. However, now that the technology and regulatory barriers to adoption have been addressed, healthcare organizations across the U.S. have the ability to satisfy demand from providers to enable EPCS. In the long run, this will help to better control prescription fraud, improve patient safety, medication adherence and streamline the workflow of prescription management and administration for care providers, which allows clinicians more time to focus on patient care.

In future posts, we’ll continue to share our insights and best practices about secure e-Prescribing. Some of the areas we plan to cover include:

  • Increasing provider adoption of secure e-Prescribing once the technology is in place
  • Identity proofing and credentialing --crucial components to the EPCS process
  • Benefits of adopting EPCS when participating in an Accountable Care Organization (ACO)
  • Key drivers for EPCS 

And as always, if you have any comments, thoughts, questions or ideas for topics you’d like us to address, please leave a comment here.