EPCS Clients: We’ve Got Your Back!
Staying on track with new privacy and security mandates can be dizzying. For instance, federal law historically required that a prescription for a controlled substance be issued in writing and fulfilled with the issuance of a paper prescription. In 2010, the federal law requiring a paper prescription for a controlled substance was changed and the Drug Enforcement Agency’s (DEA) electronic prescribing for controlled substances (EPCS) ruling permitted physicians to submit their prescriptions to pharmacies electronically.
This December, the DEA is expected to publish an updated final ruling on its EPCS requirements. And, Drummond’s EPCS experts have your back!
We are ready to help our clients – doctors, nurse practitioners and pharmacists, etc. – stay on track as you navigate through any and all federal and state requirements for EPCS. Drummond has a change management process in place to help prepare and offer attestations of your EPCS certifications – it is our mission to protect and guide you through federal updates every step along the way. Our unique approach and detail-oriented services will help your staff gain expertise and a deeper understanding of the DEA regulations, including any updates as they are introduced.
What changes are expected?
While the DEA is notoriously tight-lipped about regulatory changes, the agency requested feedback on certain topics during its June 2020 “request for comments” period. To help shed light on the changes it is considering, here’s nine topics the DEA requested feedback on during the interim period:
- What types of two-factor authentication technologies are being used by practitioners to sign controlled substance prescriptions and are there viable alternatives to the 2FA options that were initially outlined in the IFR?
- What are the current practices for remote identity proofing?
- How are institutional practitioners conducting identity proofing?
- Should the DEA keep the requirement to audit changes to logical access controls?
- Are the requirements enough for setting logical access controls for institutional practitioners?
- Have any EPCS providers experienced security events?
- Are there any issues practitioners have commonly encountered in adopting EPCS?
- What is the status of biometrics as a second factor of authentication?
- Have there been issues with failed electronic transmissions?
It is likely that the upcoming changes will address current weaknesses in the rule around mobile authentication, biometrics and identity proofing standards. However, the full extent of changes is currently unknown.
How does this impact my EPCS certification?
How the DEA’s final action will impact currently certified software is not yet known. The two most likely scenarios are that the DEA will allow current certifications to last until its next bi-annual review or set a future enforcement date such as one year from the final action. However, Drummond has a process in place to assist and guide you through any change management or attestations along the way.
When does the Final Rule go into effect?
Final rules may not go into effect in less than 30 days unless there are exceptional circumstances. The DEA has indicated that final action will be announced in December, but a specific release date has not yet been made available.
How can I learn more?
Stay tuned for the latest updates in Drummond newsletters. We will share details as soon as the final action is released by the DEA. Note our newsletters will include registration links for an upcoming webinar to review the changes. A full timeline of the DEA EPCS rulemaking also may be viewed here.
Contact us at EPCS@drummondgroup.com with any questions you may have.