EPCS Certification

Drummond Group's Electronic Prescriptions for Controlled Substances

The electronic transmission of healthcare information always raises privacy and security concerns. And with the DEA now allowing for prescriptions of controlled substances to be transmitted electronically (Electronic Prescriptions for Controlled Substances - EPCS), security concerns are further increased.

As such, the Drug Enforcement Administration (DEA) aims to provide security assurance via an initiative that requires DEA approved 3rd party certification organizations:

  • to review and certify software vendors' EPCS applications, and
  • evaluate security practices for Installed Applications

As part of this program, Drummond Group has been authorized to serve as a neutral third-party certification organization of EPCS applications and as an auditor of the security processes employed by hospitals, physicians and pharmacies if they have EHR/EPCS software applications installed on site.

To earn EPCS Application Certification, EPCS systems must undergo a rigorous certification process where we carefully review and test EPCS applications to provide assurance that the application fully meets all of the requirements of the Drug Enforcement Administration's Interim Final Rule for Electronic Prescriptions for Controlled Substances.

During this process, we rely on our deep experience in software certification to ensure that these systems can demonstrate compliance to the detailed technical requirements enumerated in the EPCS Interim Final Rule 21-CFR Parts 1300, 1304, 1306, 1311 and others incorporated by reference. Drummond Group's skilled auditors and security personnel have developed tests, procedures and even software components to review the products they are asked to certify.

In addition, where the software application is an Installed application on site (vs. an ASP-based hosted application) Drummond Group works with either the software vendor to facilitate a rollout plan or directly with hospitals, physicians and pharmacies where the application is installed.

Where the EPCS software application is an ASP-based hosted solution (such as a cloud based solution accessed through your web browser), Drummond Group works with the software vendor to ensure that Processing Integrity is addressed at the Data Center where the software application is hosted. And for pharmacies, practitioners or hospitals using an ASP-based hosted solution the Processing Integrity assessment onsite is not necessary as it is performed at the Data Center.

In both cases, the goal of Processing Integrity validation is to assess the security practices where the application is installed, that they reflect the recommendations, the implementation and use of appropriate security controls promulgated by the National Institute of Standards and Technology (NIST) in Special Publication 800-53A (and by incorporation, 800-53) and as required by DEA through their Processing Integrity Clarification.

The ultimate goal of the EPCS Application certification and Processing Integrity security assessment is to provide confidence that the organization is operating a compliant EPCS software application that implements EPCS according to the DEA regulations, and can do so in a manner that addresses the processing integrity requirement. The organization wanting to use EPCS must demonstrate that it is using an Audited/Certified EPCS application, and if installed on site, that it has implemented policies, procedures and appropriate technology to mitigate the risk from intentional attacks and unintentional vulnerabilities.

While such security exposures can never be completely eliminated, the risk of their occurrence and the impact they have can be reduced, and the likelihood of their detection can be greatly enhanced.

Even though security concerns are heightened with controlled substances, facilitating electronic prescribing of these drugs is an important step for healthcare. Adding controlled substances to the e-prescribing capability will help the industry more fully realize the benefits of automation. EPCS accounts for about 11% of all medication orders, a significant portion of the total. By enabling organizations to electronically prescribe these substances, the healthcare industry will be able to truly move toward a paperless environment.

Drummond Group's EPCS certification and assessment program is just one of our healthcare programs. We also certify electronic health records and controlled substance ordering systems (CSOS) – making us the only third-party organization to act as a certifier for all three of these healthcare initiatives.

EPCS Registration

To register for EPCS Certification, visit: EPCS Registration

Do you have additional questions about our EPCS testing services?

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: 512-826-2938

EPCS Testing Services Information Request

To request EPCS certification program testing please fill out the form below and a member of our staff will be in contact with you.

(All fields are required.)
*First Name:
*Last Name:

*Please type the word "orange" here: (lower case, no quotes)



Participating Companies and Test Communities

/n software   Abeo Solutions, Inc.   Accumedic Computer Systems, Inc.   Acmeware, Inc.   Acuitec, Inc.   Addison Health Systems, Inc.   ADS Technologies, Inc.   Advanced Provider Solutions   AdvantaChart Inc.   Agastha, Inc.   Alere Accountable Care Solutions   Alere Analytics   AllegianceMd Software, Inc.   Allscripts   Alma Information Systems, Inc.   AlphaCM, Inc.   AltaPoint Data Systems, LLC   American Business Systems, LLC   American Dental Partners, Inc.   American Well   Anasazi Software, Inc.   AppMed, Inc.   Arcron Systems, Inc.   Argyle Medical Software   Aurora Health Care, Inc.   Axway   Azalea Health   Bogardus Medical Systems, Inc.   BridgeGate   Bridgeware   Businet, LLC   CA   California Medical Systems   Caradigm USA LLC   CareCloud Corporation   CareEvolution, Inc.   ChartLogic, Inc.   CISCO   Clarkson Eyecare   Cleo Communications   Clinigence   CMR   CoCENTRIX CCP   CodoniX   Community Health Network (Indianapolis, Indiana) ClearPractice   Compinia IT Services   Comtron Corp.   Corepoint Health   Criterions LLC   Crowell Systems   CSC   Custom Software Systems, Inc.   Cyclops Vision Corporation DigiDMS, Inc.   Data Strategies, Inc.   DataNet Solutions, Inc.   Defran Systems, Inc.   Dell – Boomi   Descartes   DiCentral Corporation   DigiDMS, Inc.   Diversified Ophthalmics, Inc.   Doc-tor.com, LLC   doc2MD, Inc.   DocuTAP   DocuTrac, Inc.   DSS, Inc.   e-MDs, Inc.   e-MDs   E-Z BIS, Inc.   E2open   Easy Billing Systems   eCareSoft Inc.   eCast Corporation   eHana   eHealthCare Systems, Inc.   eHealthFiles, Inc.   EHR Doctors, Inc.   ElationEMR   Elekta – IMPAC Medical Systems, Inc.   EMD Wizard, Inc.   Emdeon Inc.   EMedicalNotes, LLC   Empower   EMRlogic Systems   Enable Healthcare Inc., (EHI)   Encite, Inc.   EndoSoft, LLC   Entrust   EPOWERdoc, Inc.   Estuary Electronic Health Records   Etransmedia   ExitCare, LLC   Exscribe, Inc.   EXTOL International, Inc.   EXTOL   Eyecom3 / HealthLine Systems, Inc.   EyeMD EMR Healthcare Systems, Inc.   EZnotes, Inc.   Falcon, LLC.   First Call   Flame Computing Enterprises   Florida Department of Health   Forte Holdings Life Systems Software   Forte Holdings   Forward Advantage Inc.   FutureNet Technologies Corporation   Gaargle Solutions, Inc.   GE Healthcare   GE Healthcare   GEMMS   Gen-SourceRX   General Electric Healthcare IT   GeniusDoc, Inc.   Genix Technology Inc.   Geriatric Practice Management   gMed, Inc.   GXS   H-DOX   HCA – Information Technology & Services, Inc.   HCA    Health Administration Systems, Inc.   Health Care DataWorks   Health Gorilla, Inc.   Healthcare Management Systems, Inc.   HealthFusion   HealthPort, LLC   HealthTrio, LLC   Hewlett-Packard Company   HHT International, Inc.   Hill-Rom Holdings, Inc.   Holt Systems, Inc.   Hospital Systems   IBM   ICAN Solutions, Inc.   ICANotes, LLC   iChartsMD   ICS Software, Ltd.   IHM Services Company   iMed Software Corporation   iMedicWare   iMedX, Inc.   InfoQuest Systems, Inc.   Infor-Med Corporation   Infor   Inforia, Inc.   Informedika, Inc.   Innovative Medical Practice Solutions, LLC   Inovis   InPracSys™   Instakare Accentia Healthcare Solutions Corporation   Institute for Health Metrics   INTEC Inc.   Intec   Integrated Health Care Solutions   Intelligent Healthcare   Interactive Practice Management Systems dba DocWorks   Interface People, LP   InterSystems Corporation   Intivia, Inc.   IntrinsiQ LLC   InTUUN Systems   IO Practiceware, Inc.   IQ-EQ Systems, LLC   IRCS, Inc.   iSALUS Healthcare   IsaNetworks, Inc.   Joseph P. Addabbo Family Health Center, Inc.   Kabot Systems   Keiser Computers, Inc.   KeyMedical   klipMedical.com   KPMD, Inc.   Lavender & Wyatt Systems, Inc.   Legisym, LLC   Levin Software Technologies, Inc.   LOGICARE® Corporation   LSS Data Systems   M3 Healthcare Solutions   MagView   Mayo Clinic Rochester, MN   McKesson   MD Logic EMR   MDOFFICE INC   MDoffice, Inc.   MedcomSoft   MedConnect   MedCPU Inc.   Medflow, Inc.   MEDHOST®, Inc.   Medical Informatics Engineering   Medical Messenger   Medical Voice Products, Inc.   MedicalMine, Inc.   Medicity, Inc.   MedInformatix   MediRec, LLC   Medisolv Inc.   MediSYS   MEDITECH (Medical Information Technology, Inc.)   Mediware Information Systems   MedNet Medical Solutions   MedNet System   Medrium Inc.   Medstreaming   Medtech, Inc.   MedWorxs LLC   MedXLnce, Inc.   Merge Healthcare   MicroFour, Inc.   Microsoft Corporation   Midwest Software, LLC   Mighty Oak Technology   MindLinc-Duke   Mitchell & McCormick, Inc.   Mitochon Systems, inc   Mountain Computer Systems   MxSecure, Inc.   Mychartsonline.com   National Healing Corporation   Navigating Cancer, Inc.   NaviTouch, LLC   NCG Medical Systems, Inc.   Net Health Systems, Inc.   Net Health   Netsmart Technologies, Inc.   New Wave Software, Inc.   Nexus Clinical LLC   Nth Technologies, Inc.   NTT Soft   OA Systems, Inc.   Oban Pty Ltd.   ODOS Industries, Inc.   Office Ally, LLC   Omedix   Omnicell, Inc.   Open Dental Software   Open Software Solutions, LLC   OpenText GXS   Oracle   Outcome Sciences, Inc. (Outcome)   Parkview Health System, Inc.   Patagonia Health   PatientClick   PatientNOW   PBO Corp.   PBSI – Positive Business Solutions, Inc.   PCC Physician's Computer Company – Pediatric Software   PCIS GOLD   Penn Medical Informatics Systems, Inc.   Perceptive Software from Lexmark   Phoenix Ortho, LLC   Phyaura, LLC   Physicians Computer Company   Phytel, Inc.   Ping Identity   Plexus Information Systems, Inc.   Practice Communications   Practice Director   Practice Fusion   Practice Today   PracticeFusion   Prairie Cardiovascular Consultants, LTD   PrescribersConnection, LLC   Press Ganey Associates   Procentive   ProComp Software Consultants   Prognosis Innovation Healthcare   ProMed Clinical Systems, LLC   QRS, Inc   QuadraMed Corporation   Quantros, Inc.   QuikEyes, Inc.   Rabbit Healthcare Systems   Radysans, Inc.   RelayHealth, a division of McKesson Corporation   Riverside Health System   Rural Wisconsin Health Cooperative   RWHC QI Program   Sage ScriptRx, Inc.   Salar, Inc.   SAP AG Syncra Systems, Inc.   Secure Infosys LLC Nth Technologies, Inc. Hill-Rom Holdings, Inc.   SEEBURGER AG   Sequel Systems Inc.   SilkOne Inc.   SMARTMD™ Corporation   SMB Medical Billing   Smoky Mountain Information Systems, Inc.   Softech Inc.   Sophrona Solutions, Inc.   Source Medical Solutions   SRSsoft   Sterling Commerce, an IBM Company   Streamline Health, Inc.   Summit Healthcare Services Inc.   Surgical Information Systems   Systemedx Inc   TactusMD™   Tech-Time, Inc.   TechSoft, Inc.   TeleResults   The Echo Group   The Shams Group   TheraManager LLC   TIBCO Software Inc.   TIBCO   Tools4Medicine, Inc.   Tranquilmoney Inc.   Transentric   TransMed Network Inc.   Trellix Engineering Corp.   UBISECURE   Unibased Systems Architecture, Inc.   Unifi Technologies, Inc.   Unityware   US Oncology   Vanderbilt University   Varian Medical Systems   veEDIS Clinical Systems, LLC   VipaHealth Solutions, LLC   Virco Lab, Inc.   VisionTree Software, Inc.   VisionWeb   Vitalz Technologies, LLC   Vitera Healthcare Solutions, LLC   WCH Service Bureau, Inc.   WEBeDoctor, Inc.   Welligent, Inc.   Wellogic   Williams Group   WonderDoc, LLC   Workflow.com, LLC   Xcite Health Corp. and Encounterpro Healthcare Resources Inc.   Xpress Technologies   Yak Digital Corp.   Z-Geoinfo Inc.   ZipChart, Inc.  

Copyright © 2013 Drummond Group Inc.  Follow DrummondGrpTest on Twitter