Six Steps to a Successful e-Prescribing of Controlled Substances Project: Part 1

Kyle Vernest

December 2, 2014

Electronic prescribing of controlled substances (EPCS) has many benefits for prescribers, patients, IT, and pharmacy and hospital administration. But the DEA requirements for EPCS introduce complexities that need to be considered when developing a project plan.

We’ve discussed some of these considerations before, but there are many tactical steps that cut across the healthcare organization. This two-part article will provide details on what IT, clinical leadership, pharmacy, the application/EMR team, and the compliance/credentialing departments can do to make an EPCS project a success in six key phases: Assessment, Preparation, Testing, Enrollment, Transition, and Deployment (in this first article, we’ll cover the first three steps).

Phase 1: Assessment

Role	Responsibility
IT	Identify current identity and access systems in place across the organization.
Clinical leadership	Determine (along with IT), what clinical workflows make sense for authentication under the NIST SP 800-63-1 regulation. Work with IT and applications/EMR teams to ensure that the authentication solutions chosen are compatible with your EMR.
Pharmacy	Identify state regulations and requirements for EPCS. Currently, 49 states have laws allowing EPCS, and some states have implemented legislation mandating EPCS (for example, New York’s I-STOP Act requires all medications in the state to be prescribed electronically as of March 27, 2015).
Application, EMR Team	Ensure the EMR(s) and/or other e-Prescribing applications used for EPCS have been certified.
Compliance, credentialing department	Determine the process for prescriber identity proofing that will be used. Identity proofing can be done institutionally (through the credentialing office) or on an individual basis (using a third-party, DEA-approved credential service provider (CSP)).

Phase 2: Preparation

Role	Responsibility
IT	Work with clinical leadership to assess what authentication options are available and feasible within the organization and how they integrate with the current systems.
Clinical leadership	Consider policies and workflows related to the EPCS authentication methodologies selected. Considerations for remote e-Prescribing, lost or forgotten tokens, and other possible scenarios must be made to establish contingencies.
Pharmacy	Identify local pharmacies that accept electronic prescriptions for controlled substances. Engage with local pharmacies that are EPCS enabled to ensure they are aware of the organization’s EPCS initiatives.
Application, EMR Team	Work with clinical leadership to select the right authentication solution for the EMR(s) and work to deploy the solution through a development/test/QA system for testing and quality assurance. Work with the EMR vendor(s) to ensure proper integration and documentation is available.
Compliance, credentialing department	Work with the team to identify how credentialing will be rolled out. Assuming institutional identity proofing is used, determine how the credentialing staff will be educated on credentialing for EPCS.

Phase 3: Testing

Role	Responsibility
IT	Ensure that the systems work consistently across the IT network, both onsite and remotely. Make sure to include full Windows clients, thin, zero, and mobile devices (if applicable) as part of the testing scheme, both onsite and remotely.
Clinical leadership	Work with a core group of clinical experts with a variety of technology experience to test the selected system from enrollment to transaction level authentication in a controlled test/QA environment.
Pharmacy	Work with IT and applications/EMR team to ensure functional testing of the systems with community pharmacies and the hospital EMR. Continue to communicate with local pharmacies about the deployment plan and when they should start expecting EPCS prescriptions.
Application, EMR Team	Test how the EMR system functions with the selected solution for EPCS. Ensure that all signing workflows are considered and work with clinical staff to ensure the solution doesn’t disrupt any clinical workflows.
Compliance, credentialing department	Test the enrollment of credentials and determine the appropriate plan for deploying the enrollment of credentials to clinicians. Work with clinical leadership on the credential enrollment plan, as all user identities must be vetted as part of the process. Add the identity vetting and credential enrollment plan as part of your normal credentialing practice.

These are some of the activities that each stakeholder should lead during the first three phases of an EPCS project plan. In the next post, we’ll walk through the final three steps: Enrollment, Transition, and Deployment.